Average Ransom Payment for Canadian Organizations Jumps to More Than $1 Million, According to New Palo Alto Networks Survey
Press Releases
Dec 07, 2023
- 69% of business decision-makers believe that AI technologies have increased the threat level to organizations.
- 70% believe the federal government has a responsibility to do more to help businesses protect themselves against the latest threats.
TORONTO , Dec. 7, 2023 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today announced the results of the second edition of its Canadian Ransomware Barometer study conducted by the Angus Reid Group (Canada’s leading market research firm), which found that the average ransom paid by Canadian organizations has more than doubled since the first report: C$1.130 million in 2023 compared to C$458,247 in 2021 — an increase of almost 150%.
The survey of IT decision-makers at companies with 100 to 1,000 employees serves to highlight the state of cybersecurity in Canada and the impact of ransomware threats to Canadian businesses. The study found that of organizations that paid a ransom in 2023, the percentage of those that paid more than C$1 million jumped significantly from 8% in 2021 to 36% in 2023, with the average ransom demanded also increasing a significant 102% to C$906,115 in 2023 from an average of C$449,868 in 2021.
While the amount demanded and paid has increased dramatically, the percentage of Canadian organizations impacted by a ransomware attack has remained relatively unchanged — 35% in 2023 compared to 37% in 2021. However, more organizations are refusing to pay ransoms, with only 34% of organizations paying the demand, compared to 45% in 2021.
Businesses in the manufacturing sector appear to be targeted significantly more than other sectors, with 47% of respondents saying they have been hit with an attack, followed by the construction (38%) and healthcare and pharma (35%) sectors.
“The threat landscape in Canada has evolved since the first Ransomware Barometer study as more and more businesses recognize the need to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack,” said Daniel Roy, vice president and Canada country manager at Palo Alto Networks. “The study found that since 2021, companies are doing their share to improve their security posture by investing in cybersecurity as well as prioritizing employee training to better combat emerging threats.”
Emerging Threats
AI emerges as a potential threat: IT decision-makers are concerned with the potential threat artificial intelligence (AI) poses to their organizations. More than two-thirds of respondents (69%) believe the emergence of more AI technologies has increased the threat level to their organizations. The top three perceived threats that AI technologies pose to organizations’ cybersecurity include:
- Automated phishing (21%).
- Data privacy risks (21%).
- Advanced cyberattacks (19%).
Breaches, phishing and ransomware remain as top threats: The survey found that company leadership was most concerned about potential data breaches (68%), phishing attacks (60%) and ransomware (53%). For the public sector, more than three-quarters of respondents (80%) believe data breaches to be their top threat type, while 78% of healthcare and pharma decision-makers considered phishing attacks the top threat to the sector.
Businesses are making the right investments
In a sign of positive progress, though, the survey found that organizations are taking a more proactive approach to improving their cybersecurity posture compared to two years ago. Over the past 12 months, 1 in 5 organizations (20%) have increased their spending on cybersecurity software significantly for better protection against cyberattacks, while a majority (51%) have increased spending somewhat. In parallel, organizations who think their employees have insufficient understanding of cybersecurity best practices recognize the importance of cybersecurity training, with almost half (49%) updating or implementing new cybersecurity training for its workforces to better protect against the latest cyberthreats, up from 38% in 2021.
“In the two years since the first study, Canadian organizations have largely taken a proactive approach to improving their security posture,” said Demetre Eliopoulos, senior vice president of Public Affairs at Angus Reid. “However, organizations are also paying a significantly higher cost than two years ago. As a result, Canadians IT decision makers are expecting the Federal Government to step up in helping organizations better protect themselves against emerging threats.”
Businesses call on the Government to do more
In addition to investing in cybersecurity solutions and training, more than two-thirds of IT decision-makers (70%) believe the federal government has a responsibility to do more to help businesses protect against the latest threats. Currently, only one-quarter (25%) believe the government is doing enough to help businesses protect themselves against cybersecurity threats.
Almost three-quarters (74%) believe cybersecurity compliance for organizations should be mandated by the federal government, while an overwhelming majority (92%) believe cybersecurity education programs should be part of the high school curriculum to prepare young Canadians.
For more information:
- To learn more about the 2023 Palo Alto Networks Canada Ransomware Barometer, please visit this page.
- To learn more about the 2021 Palo Alto Networks Canada Ransomware Barometer, please visit this page.
- To learn more about how Unit 42® can help organizations prepare for a ransomware attack, please visit this page.
Survey Methodology
In partnership with Palo Alto Networks, the Angus Reid Group conducted an online survey among a representative sample of 1,000 business and IT decision-makers in organizations with 100+ employees, in the week of November 6, 2023. The respondents are members of the Angus Reid Business Advisory Network. For comparison purposes only, a probability sample of this size would carry a margin of error of +/- 3.1 percentage points 19 times out of 20 for business leaders.
About The Angus Reid Group
The Angus Reid Group is Canada’s most well-known and respected name in opinion and market research data. Offering a variety of research solutions to organizations across North America, the Angus Reid team connects technologies and people to derive powerful insights that inform your decisions. Data is collected through a suite of tools utilizing the latest technologies. Prime among that is the Angus Reid Forum, an opinion community consisting of engaged residents across the country who answer surveys on topical issues that matter to everyone. Within this community sits the Business Advisory Network, a highly engaged community of B2B professionals comprised of decision makers in the financial sector, IT professionals, education, trades and other B2B sectors. This community is diverse, accurate and delivers reliable business intelligence for your organization’s biggest decisions.
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2023, 2022, 2021), with a score of 100 on the Disability Equality Index (2023, 2022), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.
Palo Alto Networks, Unit 42, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.
SOURCE Palo Alto Networks, Inc.