The report said that if businesses fall foul to ransomware and are not able to restore their data from a backup copy of their files, they may look to pay the hackers responsible for the attack to return their information. 

The Veritas research showed that companies with greater complexity in their multi-cloud infrastructure were more likely to make these payments.  The mean number of clouds deployed by those organisations who paid a ransom in full was 14.06. 

This dropped to 12.61 for those who paid only part of the ransom and went as low as 7.22 for businesses who did not pay.  In fact, only a fifth of businesses with fewer than five clouds paid a ransom in full, less than half the number (44 percent) for those with more than 20.  This compares with 57 percent of  the under-fives paying nothing to their hackers and just 17 percent of the over-20s.

Slow recovery times

Complexity in cloud architectures was also shown to have a significant impact on a business’s ability to recover following a ransomware attack. While 43 percent of those businesses with fewer than five cloud providers in their infrastructure saw their business operations disrupted by less than one day, only 18 percent of those with more than 20 were as fast to return to normal. Moreover, 39 percent of the over-20s took 5-10 days to get back on track, with just 16 per cent of the under-fives having to wait so long.

Senior Director, Head of Technology UK&I at Veritas Technologies, Ian Wood said the average company today is now using 12 different cloud providers to drive their digital transformation.  This number rises dramatically to an average of 21 cloud services in the UK.

“Our research shows that many businesses’ data protection strategies are not keeping pace with the levels of complexity that they’re introducing and, as a result, they’re feeling the impact of ransomware more acutely. To insulate themselves from damage of ransomware, organisations need to look to data protection solutions that can span their entire infrastructure, no matter how complex they may be.”

Businesses recognise the challenge

The Veritas research revealed that many businesses are aware of the challenge that they face, with just 36 per cent of respondents believing that their security had kept pace with the complexity in their infrastructure. The top concern because of this complexity, as stated by businesses, was the increased risk of external attack, cited by 37 per cent of all participants in the research.

Wood said: “We’ve heard from our customers that, as part of their response to COVID, they rapidly accelerated their journey to the cloud. Organisations turned to cloud deployments as they needed to enable homeworking across a wider portfolio of applications than ever before with limited access to their on-premises IT infrastructure. However, this increasingly complex multi-cloud infrastructure provides hackers with more opportunities to strike. Businesses need to deploy data protection solutions to secure these cloud environments, but many are lagging.

“ Our research shows that some businesses are investing to close that resiliency gap – but unless this is done as a priority, companies will remain vulnerable,” he said.

Need for investment

Half of businesses (46 percent) said that they had increased their budgets for security since the advent of the COVID pandemic. There was a correlation between this elevated level of investment and the ability to restore data in the wake of an attack: 47 percent of those spending more since the Coronavirus outbreak were able to restore 90 percent or more of their data, compared with just 36 per cent of those spending less. The results suggest that there is more to be done though, with the average business being able to restore only 80 percent of its data.

Cloud complexity hampers UK ability to defend against attacks

The issues revealed in this research appear to be exacerbated at a UK level – businesses in the UK have more complex cloud infrastructures and are more likely to have seen budget cuts during the COVID-19 crisis, with half  of UK businesses decreasing IT security budgets since the start of COVID-19. The research revealed:

• UK organisations use the highest number of cloud services globally - 35 percent of businesses use more than 20 cloud services, compared to just 16 percent globally
• 56 percent of companies admit to paying a ransom in full compared to the global average of 31 percent, making the UK the second most likely country in the globe to pay hackers demands in full
• The ability for UK businesses to recover from a ransomware attack also lags behind the rest of the world. Only seven per cent of UK companies can recover from a ransomware attack in under a day, far below the global average of 30 percent
• For more than a third (35 percent) of UK organisations, it would take between 10 days and a month to fully recover from an attack

Wood concludes: “Complexity in multi-cloud environments is severely hampering the UK’s ability to cope with ransomware attacks. The only redeeming quality for UK businesses is that 71 per cent have never experienced a ransomware attack, compared to the 58 per cent global average. However, ransomware attacks are a matter of when, not if. 

“The research shows a clear need for UK businesses to simplify their cloud infrastructure, invest in IT security and ensure the right data protection solutions are in place, otherwise they could be facing a costly and damaging attack.”