The State of Ransomware in Retail 2023

ResourcesRansomware

New insights into how ransomware impacts the retail sector, including the frequency, root causes of attacks, and data recovery costs.

Sophos has released the State of Ransomware in Retail 2023, an insightful report based on a survey of 355 IT/cybersecurity professionals across 14 countries working in the retail sector. The findings reveal the reality of the ransomware challenge facing the sector.

Rate of attack and data encryption in retail

According to the 2023 study, the rate of ransomware attacks in retail has dropped from 77% to 69% year over year, contrary to the global cross-sector trend, which has remained constant at 66% over the previous two reports.

However, the rate of data encryption is now at its highest in three years, with almost three-quarters of ransomware attacks (71%) in retail resulting in data being encrypted. At the same time, the percentage of attacks stopped before data was encrypted continues to go down, with just one in four attacks (26%) stopped before data was encrypted.

In 21% of cases where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.

Root causes of attacks in retail

Exploited vulnerabilities (41%) were the most common root cause of the most significant ransomware attacks in the retail sector, followed by compromised credentials (22%). Furthermore, nearly one-third of retail respondents (32%) said email (malicious emails or phishing) was the root cause of attacks.

Data recovery and the propensity to pay the ransom in retail

97% of retail organizations got their encrypted data back, the same as the global average. To recover the encrypted data, 43% of retail organizations reported paying the ransom, while over two-thirds (68%) relied on backups – slightly lower than the cross-sector averages. Concerningly, the use of backups in retail decreased to 68% in the 2023 survey from 73% in the 2022 survey.

The proportion of retail organizations paying higher ransoms has increased from our 2022 study, with over two-thirds of retail organizations (68%) reporting payments of $1 million or more compared to 5% (with rounding) the year prior. Conversely, 6% paid less than $100,000, down from 70% in last year’s report.

Start Sales Conversations and Generate Leads

Use this insightful report to start conversations with your customers and prospects in the retail industry. It’s a great tool to generate leads for your business. You can find the guide along with promotional materials on the Sophos Partner Portal (login required).

Mitigating the ransomware risk

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  1. Strengthen defensive shields, including:
    • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
    • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
    • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
  2. Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
  3. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

About the survey

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 355 in the retail sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.