Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cybersecurity specialist Hornetsecurity.

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.

Hornetsecurity CEO, Daniel Hofmann said: "Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world."

Microsoft 365 users targeted by attackers
The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organization admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

Hofmann added: "Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks."

Lack of business preparedness
Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyberattack.

In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.

The survey also showed that more than one in five businesses (21%) that were attacked either paid up or lost data. Hackers have an incentive to run these ransomware attacks because there's a decent chance that they'll get a payday - 7% of IT professionals whose organization was attacked paid the ransom, while 14% admitted that they lost data to an attack.

Hofmann concluded: "Interestingly, 97% of pros are moderately to extremely confident in their primary protection method, even if they don't use many of the most effective security measures available, such as immutable storage and air-gapped off-site storage. This tells us that more education is needed in the field, and we're committed to this cause."