Halcyon: Ransomware and Data Extortion Business Risk Report

Written by
Anthony M. Freed
Published on
Jun 26, 2024

Halcyon published a new study detailing the significant impact on businesses from ransomware and data extortion attacks over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, one-in-five (18%) suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18%) were infected 5-9 times, and 30% were infected 2-4 times.

Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds (60%) of respondents said that sensitive or regulated data was exfiltrated from their organization, with more than half (55%) reporting the attackers issued an additional ransom demand to protect the exfiltrated data. As well, 58% of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits.

“The C-suite and BoD need to recognize that most of these attacks today are basically data exfiltration attacks with some ransomware sprinkled in, and once the data is exfiltrated the damage is done,” said Jon Miller, CEO & Co-founder, Halcyon.  

“Data exfiltration in many cases is a bigger problem for the victim organization than the disruption to operations because, as the report highlights, even if an organization pays the ransomware demand, these criminals still have that data, putting victim organizations and their leadership at heightened risk of lawsuits and regulatory actions.”

The study also revealed a strong disconnect between perception and reality when it comes to prevention and resilience against ransomware and data extortion attacks. Fully 88% of respondents indicated they were somewhat or very confident their organizations’ current security deployments could disrupt an attack before a ransomware payload is delivered, and 85% were somewhat or very confident their organizations could quickly resume regular operations following a successful attack. Yet more than one-in-three (36%) were Infected 5 times or more over the two-year period.

Furthermore, 62% of organizations hit by ransomware reported a major disruption in operations, with 38% saying operations were disrupted for at least two months to more than six months. These findings clearly show that organizations are overly confident in their ability to defend against and quickly recover from ransomware attacks.

Other key findings in the report include:

  • All organizations were running some combination of prevention tools when they were victimized in a successful ransomware attack;
  • Of the organizations that opted to pay a ransom demand, the majority (78%) said the attackers failed to provide a decryption key or data was corrupted upon decryption;
  • 59% of respondents indicated the total cost for remediation (incident response only) cost their organization more than $1 million
  • More than half (57%) said the attacks will have a negative impact long-term on their organization’s operations, competitiveness, profitability or overall viability;
  • Of the organizations that have cyber insurance, two-in-five (39%) said their premiums increased significantly following a ransomware attack, while more than one-quarter (28%) said premiums increased slightly.

“The disconnect between perceived and actual risk is not helping organizations be more resilient to ransomware attacks,” said Anthony M. Freed, Halcyon Director of Research and Communications.  

“While most respondents feel confident their current security deployments are adequate for both prevention and recovery, the data shows that the majority of attacks are nonetheless successful and victim organizations are struggling to get operations back up and running, which is what is driving up these post-attack recovery costs.”

Research was conducted through an independent survey with responses from 913 US-based directors-level or above and members of the security or IT teams at organizations that were targeted by a ransomware attack in the past 24 months.  


Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.