Lack of education is the leading cause of successful ransomware attacks

Ransomware is the biggest emerging cyber security threat organisations face. We’ve logged more than 100 attacks since the start of this year, but that doesn’t include countless organisations that have hidden attacks for fear that disclosure will expose them as a target for further attacks.

So how are organisations supposed to protect themselves? Cyber security firm Datto believes the answer is staff awareness training.

Its Global State of the Channel Ransomware Report 2018 found that the most common way criminals infect organisations is by planting ransomware in phishing emails.

Poorly educated employees fall for the criminals’ scam, opening the attachment contained in the email only to unleash ransomware on their systems.

As the malware spreads through the network, the organisation must rush to isolate the infection and hope that it’s still capable of operating close to full capacity.


The cost of downtime following a ransomware attack is 10 times higher than the ransom demanded.

Datto provides infographics with other ransomware-related stats.


The report also found that many organisations are unaware of the frequency and severity of ransomware attacks. As you’d expect, those worst hit tend to be those that hadn’t acknowledged the threat and therefore didn’t have a coherent data protection strategy.

It’s frustrating to repeatedly read about organisations being crippled by attacks, because it’s relatively straightforward – although not necessarily inexpensive – to mitigate the threat.

Worse still are stories of organisations paying off the blackmailers. As Datto’s infographic above shows, the loss in productivity is by far the biggest cost associated with a ransomware attack.

Many senior decision-makers look at this and think the ransom demand seems reasonable in comparison. But they’re not seeing the risks associated with that payment. Who’s to say the criminal will keep their word and hand over the decryption key?

Are they going to take this as an invitation to infect you again? Will the money be used to launch other attacks, helping the cyber crime industry to thrive?

And what about the damage that’s already been done to your organisation? A data breach is a data breach regardless of whether you pay to get the information back.

The costs associated with the downtime therefore don’t simply disappear. You’re instead deferring an investment in cyber security to a payoff for cyber criminals.

If you want to prevent that from happening, you must commit to a culture of cyber security staff awareness and educate your employees on the threats they face.

Get started with IT Governance

Want to boost your cyber security knowledge? You can do so from the comfort of your own home or office with our Certified Cyber Security Foundation Training Course.

This course, which is available in classroom, distance learning and in-house formats, provides a comprehensive introduction to everything you need to know about cyber security in the workplace. It covers common threats, like phishing and ransomware, and explains how to protect devices and respond effectively to data breaches.

Designed by experts and delivered by professionals, this one-day course is perfect for those looking to add a key skill to their repertoire.
