Summary
This document is a whitepaper that presents findings from an independent survey of 154 organizations in South Africa that experienced ransomware attacks in the previous year. The survey, commissioned by Sophos, was conducted between January and March 2025 and included responses from IT and cybersecurity leaders. Key findings indicate that the median ransom demand in South Africa was $1 million, significantly higher than the previous year's $165,000. The report details the technical and operational root causes of ransomware attacks, with compromised credentials and lack of expertise being the most common factors. Additionally, it outlines the impact of ransomware on organizations, revealing that 60% of attacks resulted in data being encrypted. The average cost incurred by organizations to recover from these attacks was $1.31 million. The document also offers recommendations for improving defenses against ransomware, emphasizing prevention, protection, detection, response, and planning. Overall, the report highlights the ongoing threat posed by ransomware to South African organizations.
