Ransomware continues to be a critical threat to businesses worldwide, with a staggering 83% of organisations reporting they experienced at least one ransomware attack in the last year. Alarmingly, almost half of those affected (46%) faced four or more attacks, and 14% encountered ten or more. These attacks, which involve malicious software encrypting valuable data until a ransom is paid, are causing serious disruptions. According to recent research by Onapsis, 61% of organisations impacted by ransomware faced downtime of at least 24 hours, highlighting the critical nature of these incidents. The downtime can cripple operations, leading to financial losses and operational challenges.

ERP Systems Becoming a Prime Target

A key finding from the research reveals that 89% of organisations affected by ransomware reported that their Enterprise Resource Planning (ERP) systems were compromised. ERP systems, which manage vital business functions such as accounting, supply chain management, and human resources, have become attractive targets for cybercriminals. These systems are business-critical, and the increasing frequency of attacks on them underscores the need for dedicated security solutions. In fact, 93% of respondents agreed that securing ERP applications should be a top priority, emphasising the urgency of investing in ERP-specific cybersecurity measures.

AI-Enabled Threats Amplify Concerns

There are growing concerns about the role of artificial intelligence (AI) in amplifying cyber threats. Gartner’s 2024 risk report highlighted AI-enhanced attacks as a top concern for businesses. As attackers leverage AI to craft more sophisticated and damaging threats, the risk to systems like ERP is only expected to increase. Mariano Nunez, CEO of Onapsis, pointed out that ransomware groups are increasingly focusing on disrupting ERP systems because of the immense leverage they gain from causing downtime, which can cost organisations millions of dollars per hour.

How Organisations Are Responding to Ransomware

In response to these rising threats, many organisations have been forced to reconsider their cybersecurity strategies. According to the research, 96% of businesses have adjusted their security approaches as a direct result of ransomware attacks. These adjustments have taken various forms: 57% of companies invested in new security solutions, 54% ramped up employee training on cybersecurity, and 53% added more cybersecurity staff internally to strengthen their defences. Additionally, 36% sought external help by hiring threat research teams to stay ahead of potential risks.

Ransom Demands and Communication with Attackers

When it comes to handling ransom demands, the approach varies across organisations. The study revealed that 69% of respondents communicated with the attackers behind the ransomware incidents. However, when it comes to paying the ransom, businesses are divided: 34% pay every time, 21% pay occasionally, and 45% refuse to pay at all. For those that do pay, the process often involves working with third-party experts like ransomware brokers—83% of organisations that paid a ransom sought help from such intermediaries to facilitate negotiations.

The prevalence of ransomware has forced organisations to acknowledge that their traditional security measures may no longer suffice. The combination of frequent attacks, the targeting of critical ERP systems, and the emerging threat of AI-enhanced attacks calls for a more proactive and specialised approach to cybersecurity. Businesses are investing heavily in solutions and expertise to mitigate the risks, but with ransomware attacks continuing to evolve, ongoing vigilance and adaptation will be key to safeguarding digital assets in the years ahead.