Public administrations are more defenseless against ransomware than other groups or organizations, according to a study conducted by Comparitech. The site specializing in cybersecurity and privacy protection examined 1,133 attacks against government-related entities around the world between 2018 and 2024. The results confirm the harmfulness of this type of attack.
27.8 days of business interruption
Comparitech calculated that an attack resulted in an average of 27.8 days of business interruption for the targeted administration. The daily cost of inactivity is estimated at $86,600. Total losses related to this ransomware are $2.2 billion.
The daily cost of ransomware in a public entity is lower than in other sectors: it actually amounts to $900,000 in healthcare and $1.9 million in manufacturing. But with nearly 30 days of interruption in the public sector, the duration of inactivity is also longer: it is 16 days on average "only" in the health sector, and 12 days in the industrial sector.
According to the study, this difference is based on the fact that administrations are less well equipped to deal with attacks, often due to budgetary constraints. This results in a much longer restoration of services.
Local authorities remain the main targets in the public sector, but national agencies and the finance, transport, utilities, and justice sectors are increasingly affected.
Comparitech also indicates that ransomware attacks on government agencies peaked in 2023 (231 attacks), falling back to 193 last year. However, the number of compromised files is higher in 2024 (2.3 million) than in 2023 (1.3 million). The average ransom is $2.2 million, but the range is extremely wide: from $50 to $75 million. The total demanded The total cost to hackers is $2.9 billion — not everyone is paying, however, and hackers are evolving their extortion tactics.
Source: Comparitech
0 Comments