A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
New Ransomware Statistics Reveal Gaps in Active Directory Resilience Breadcrumb Home Insights Blog New Ransomware Statistics Reveal Gaps in Active Directory Resilience February 6, 2025 By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, Semperis partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What was learned about the reality of ransomware is gruesome. Companies Must “Assume Breach” at All Times The reports resulting from this study — Semperis’ 2024 Ransomware Risk Report and 2024 Ransomware Holiday Risk Report — examine ransomware statistics gathered from a survey of 900 companies across the U.S., U.K., Germany and France. The first report focuses on the prevalence and frequency of ransomware attacks: 83% of surveyed organizations were targeted by ransomware in the past 12 months 74% of those companies were attacked for ransomware multiple times 78% of ransomware victims paid ransom 72% paid more than once in the span of a year 32% of victims in our study paid ransom four times or more over that period The second report examines trends in attack timing: 86% of attacked organizations were targeted on a weekend or holiday 63% of surveyed companies experienced a ransomware attack following a material corporate event such as an IPO, restructuring, merger or acquisition Based on these findings, we urge organizations to reinforce their “assume breach” mindsets. It’s now time to make sure that approach is adopted across the organization — and to step up your identity defense strategy accordingly. Most Companies Feel Compelled to Pay Ransom These new ransomware statistics reveal a troubling reality. Despite the deployment of data, application and system backups, and despite the implementation of identity recovery plans, most companies still feel compelled to pay ransom. Yet ransom payment does not guarantee successful decryption. Payment often marks the organization as an easy target, encouraging additional attacks or extortion attempts. Furthermore, many ransom payments go on to fund criminal and terrorist activities. Resisting ransomware gangs is therefore more than a good business practice. Identity Threat Detection and Response Still Falls Short for Many The study shows something that experts have long understood: An effective defense against cyber threats doesn’t end with endpoint protection. For most organizations, Active Directory (AD) is at the heart not just of the identity infrastructure, but of operational resilience. Because AD manages access to nearly all users, groups, applications and resources, it is a top target for attackers. The ability to defend and recover Tier 0 identity systems like AD is a deciding factor in the ability to say “no” to ransomware attackers. Yet: Only 27% of the companies surveyed said they maintain dedicated, AD-specific backups. Many other approaches rely on backups that don’t isolate AD from the operating system, enabling attackers to plant backdoors and malware that frustrate recovery efforts or open a path for future attacks 85% of respondents that maintained a security operations center (either in house or outsourced) reduced SOC staffing by as much as 50% on holidays and weekends 49% of surveyed organizations needed 1 to 7 days to recover minimal IT functionality after an attack; 12% required more than 7 days 40% of respondents said they do not have or are not sure whether they have sufficient budget to defend core identity systems such as AD The industry often notes identity has become the new security perimeter. Our study shows businesses are adopting identity protection plans. Yet these new ransomware statistics also show that without the tools to effectively monitor AD around the clock and quickly recover AD to a known safe state after an attack, those plans clearly don’t equate with the ability to fend off ransomware attacks. Essential Protection Strategies for Business Leaders So, why aren’t organizations stepping up their AD-specific defenses? Many participants in the study expressed concern with a lack of board support for their cybersecurity efforts. The best way to address this concern is for CISOs and CIOs to put the price of identity security and resilience into straightforward business terms, weighing the benefits of cyber defense against the total costs of ransomware. These costs go beyond a single ransom payment. Many study participants noted multiple payments as well as loss of cyber insurance, layoffs and resignations, reputational damage, fines and lawsuits, and temporary and permanent business closures. As Chris Inglis, former U.S. National Cyber Director and Semperis strategic advisor, has said, “The job of a CISO is to extend the aspirations of the business using digital infrastructure. CISOs can say, ‘I’ve read the business plan. This is how we extend that plan using digital infrastructure.’ That makes the board’s hearts sing … and creates a beneficial, virtuous circle in terms of how then do we feed resources [to cybersecurity efforts] so that the CISO can lead as they’re expected to do.” We hope these ransomware statistics will help CISOs and other IT and cybersecurity leaders open productive conversations with board members in a concerted effort to improve both identity security and operational resilience. By: Mickey Bresman CEO | Semperis Mickey Bresman is a co-founder of Semperis and leads the company’s overall strategic vision and implementation. A long-time enterprise software expert, Bresman began his technical career in the Navy computing technical unit over a decade ago. Prior to co-founding Semperis, he was the CTO of a Microsoft gold partner integration company, YouCC Technologies, successfully growing the company’s overall performance year over year. Bresman holds a BA in technical management and a minor in electronic engineering. Share: Optiv Semperis ransom Ransomware cyberattacks Cyber Threat Active Directory identity defense Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Would you like to speak to an advisor? Let's Talk Cybersecurity Provide your contact information and we will follow-up shortly. Let's Browse Cybersecurity Just looking? Explore how Optiv serves its ~6,000 clients. Show me AI Security Solutions Show me the Optiv brochure Take me to Optiv's Events page Browse all Services