Retail has lower cyberattack interruption rate

2023-12-27 20:21:23

Sophos has released the findings of its new sector research, entitled “The State of Ransomware in Retail 2023”, which revealed that last year only 26% of retail organizations were able to stop a ransomware attack before their data was encrypted. This is the sector's lowest rate in three years, a decline from 34% in 2021 and 28% in 2022, suggesting that the sector is increasingly unable to stop attacks that are already in progress.

Additionally, the report found that for retail organizations that paid the ransom to get their data back, average recovery costs (not including the ransom payments) were four times higher than for those that used backups to restore their data: US $3 million vs. $750,000.

“Retailers are losing ground in the battle against ransomware. Cybercriminals have been encrypting increasing percentages of retail company data over the past three years, as evidenced by the declining rate of industry organizations stopping ongoing attacks. Institutions must improve their defense mechanisms by configuring security strategies that detect and respond to intrusions earlier in the attack chain,” explains Chester Wisniewski, director and global field CTO at Sophos.

“According to our survey respondents, 43% of retail victims paid the ransom, but the average recovery cost for those who did so was four times the amount spent by those who used backups and other restoration methods. There are no shortcuts in these situations and rebuilding systems is almost always necessary. It is better to deprive criminals of their resources and rebuild the system better,” added Wisniewski.

Other key findings from the report include:

  • In line with a broader, cross-industry trend, the retail sector has seen the highest rate of encryption over the past three years, with 71% of organizations attacked by ransomware stating that attackers successfully encrypted their data;
  • The percentage of retail organizations attacked by ransomware decreased from 77% last year to 69% this year;
  • The percentage of retail organizations that recovered in less than a day decreased from 15% to 9% this year, while the percentage of institutions that took more than a month to recover increased from 17% to 21%.

Sophos recommends the following practices to help defend against ransomware and other cyberattacks:

  • Strengthen defense mechanisms with:
      • Security tools that protect against the most common attack vectors, including endpoint protection with strong anti-ransomware and anti-exploit capabilities;
      • Zero Trust Network Access (ZTNA) to prevent exploitation of compromised credentials;
      • Adaptive technologies that automatically respond to attacks, disrupting adversaries and buying time for defenders to respond;
      • 24/7 threat detection, investigation, and response, whether provided internally or by a specialized managed detection and response (MDR) provider.
  • Optimize attack preparedness, including performing regular backups, practicing data recovery from backups, and maintaining an up-to-date incident response plan;
  • Maintain security hygiene, including applying patches in a timely manner and regularly reviewing security tool configurations.

To learn more about “The State of Ransomware in Retail 2023”, the full report is available for download at Sophos.com.

    “The State of Ransomware 2023” survey interviewed 3,000 IT/cybersecurity leaders at organizations with between 100 and 5,000 employees, including 355 in the retail sector, in 14 countries across the Americas, EMEA and Asia-Pacific.
