The State of Ransomware in State and Local Government 2023


New insights into how ransomware impacts this sector, including the frequency, root causes of attacks, and data recovery costs.

Sophos has released The State of Ransomware in State and Local Government 2023, an insightful report based on a survey of 225 IT/cybersecurity professionals across 14 countries working in the state and local government sector. The findings reveal the reality of the ransomware challenge facing the sector.

Rate of attack and data encryption in state and local government

The 2023 study revealed that the rate of ransomware attacks in state and local government has increased from 58% to 69% year over year, contrary to the global cross-sector trend, which has remained constant at 66% in our 2023 and 2022 surveys. Additionally, the rate of data encryption is now at its highest in three years, with almost three-quarters of ransomware attacks (76%) in state and local government organizations resulting in data being encrypted. At the same time, the percentage of attacks stopped before data was encrypted continues to go down, with just one in five attacks (19%) stopped before data was encrypted.

Concerningly, state and local government organizations reported the highest rate of attacks (48%) where data that was encrypted was also stolen, which is much higher than the global average rate of 30%. This suggests that the state and local government sector is particularly exposed to such “double dip” attacks.

Root causes of attacks in state and local government

Exploited vulnerabilities (38%) and compromised credentials (30%) were the two most common root causes of the most significant ransomware attacks in the state and local government sector.  Email-based attacks (malicious emails or phishing) were the starting points for a quarter of attacks (25%) in this sector.

Data recovery and the propensity to pay the ransom

99% of state and local government organizations got their encrypted data back, which is above the global average of 97%. 34% of organizations reported paying the ransom to recover their encrypted data, while over three-quarters (75%) relied on backups. Encouragingly, the use of backups for this sector went by from 63% in the 2022 report to 75% in this year’s survey. Globally, the rate of ransom payments remained flat year over year, while the use of backups dropped from 73% in our 2022 study to 70% in the 2023 report.

The proportion of state and local government organizations paying higher ransoms has increased from our 2022 study, with over a quarter of organizations (28%) reporting payments of $1 million or more compared to 5% (with rounding) the year prior. Conversely, 60% paid less than $100,000, down from 90% in last year’s report.

Start Sales Conversations and Generate Leads

Use this insightful report to start conversations with your customers and prospects in the retail industry. It’s a great tool to generate leads for your business. You can find the guide along with promotional materials on the Sophos Partner Portal (login required).

Mitigating the ransomware risk

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  1. Strengthen defensive shields, including:
  • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
  1. Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
  2. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

About the survey

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 225 in the state and local government sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.