Survey: 53 Percent of Organizations Blame Legacy Antivirus Protection for Failed Ransomware Prevention

SentinelOne Survey Highlights the Risks of Paying Ransomware; Organizations’ Adoption of Next-Gen Endpoint Protection to Improve Confidence in Repelling Attacks

Mountain View, Calif. – March 27, 2018 – According to the SentinelOne Global Ransomware Report 2018, more than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections. This distrust in legacy AV further confirms the required shift to next-gen endpoint protection in defending against today’s most prominent information security threats.

AV Fails to Foil Ransomware

After employee carelessness, the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful ransomware attacks, followed by untimely responses (33 percent). Legacy vendors have failed to build solutions for new vectors – specifically, many legacy AVs still lack basic anti-exploit capabilities. In addition to naming the most common reasons for successful attacks, respondents indicated their level of confidence in future defense with advanced technology:

  • Ninety-six percent of respondents who were infected with ransomware are confident they can prevent future attacks.
  • Sixty-eight percent of confident respondents state this is because they replaced legacy AV with next-gen endpoint protection.

Cost of Ransomware: Negotiation Leads to More Attacks

The survey provides strong evidence that while ransomware attacks are on the rise, an organization should never pay the ransom in an attack, given the frequency of subsequent attacks and the infrequency of being able to unlock encrypted files:

  • Forty-five percent of U.S. companies hit with a ransomware attack last year paid at least one ransom, but only 26 percent of these companies had their files unlocked.
  • U.S. organizations that paid the ransoms were targeted and attacked again with ransomware 73 percent of the time.

Interestingly, 44 percent of respondents claim that employees have paid a ransom without the involvement or sanction of IT/security teams. The U.S. is also, on average, paying higher ransoms than any region worldwide and spending more hours responding to infections:

  • The average value of ransoms paid by U.S. companies was $57,088 (global average is $49,060);
  • The average estimated business cost as a result of a ransomware attack – including ransom, work-loss and time spent responding – is more than $900,000;
  • The average number of employee hours dedicated to responding to ransomware infection: 44 hours (global average: 40 hours).

Ransomware Impact Felt by Partners and Supply Chain

Research also shows the significant negative impact ransomware attacks have on third-party suppliers and partners of organizations suffering an infection, magnifying the detriment attacks have on the U.S. business community as a whole:

  • Forty-six percent claim third-party suppliers and partners suffered downtime;
  • Thirty-five percent claim third-party suppliers and partners suffered loss of productivity;
  • Twenty percent claim third-party suppliers and partners suffered loss of revenue.

“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization. Paying the ransom isn’t a solution either – attackers are treating paying companies like an ATM, repeating attacks once payment is made,” said Raj Rajamani, SentinelOne VP of Products. “The organizations with the most confidence in stopping ransomware attacks have taken a proactive approach and replaced legacy AV systems with next-gen endpoint protection. By autonomously monitoring for attack behaviors in real-time, organizations can detect and automatically stop attacks before they take hold.”

About SentinelOne

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects and responds to attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real time for both on premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit or follow us at @SentinelOne, on LinkedIn or Facebook.

Jake Schuster
fama PR for SentinelOne
P: 1.617.986.5021