State of Ransomware 2021

Schedule a Meeting


The threat and scope of ransomware is acceleration. As one can see from these publically available statistics, ransomware is impacting companies across all industries and of all sizes. In 2021, a business will suffer a ransomware attack every 11 seconds.1


With increasing sophistication and evolving tactics, Coveware is finding the impact to operations and the resulting costs of those attacks is growing at an alarming rate.

$154,108 Average Cost of an Attack in Q4 2020
$220,298 Average Cost of an Attack in Q1 2021

The average cost of a ransomware attack
is up 43% from Q4 2020 to Q1 2021.2

The average downtime in a ransomware incident for a company that has been attacked is 23 days.3

Insights from Egnyte Customers

In order to further explore the impact of ransomware Egnyte analyzed all reported ransomware incidents with its customer base over a 16-month period. Below are the key findings.

Ransomware Attacks by Industry

Ransomware attacks occur in every industry across the globe. But, attacks may be more prevalent in industries where files are integral to the operation of the business, where the risk surface is larger, and where downtime is a less acceptable outcome.

Percentage of Attacks per Domain
Architecture, Engineering & Construction
Financial Services
Media & Entertainment
Business Services

Percent of Accounts Reporting an Incident Per Domain

North America 1.3% EMEA 2.5% Asia Pacific .5%

Ransomware Attacks in Architecture, Engineering & Construction

Egnyte’s State of Ransomware Report for Architecture, Engineering and Construction analyzed the threat of ransomware among Egnyte’s AEC customers.

The Frequency of Ransomware Attacks

AEC companies were more than twice as likely to be the target of ransomware than the Egnyte Cross-Industry Average.

Architecture, Engineering & Construction
Cross-Industry Average

Percent of Accounts Reporting an Attack by Geographic Location

While ransomware is a threat globally, we are seeing the preponderance of attacks occurring in North America with 2.1% of all accounts impacted by a successful attack.

North America 2.1% EMEA .7% Asia Pacific 1.5%

Attacks by Company Size

Companies with more than 1000 employees were 6x more likely to be attacked than mid-sized companies, most likely due to their ability to pay the ransom.

1-200 employees
201-1000 employees
1001+ employees

Recurrence of Ransomware

Companies hit with successful ransomware attacks had a very high likelihood they would be struck again. 32% of AEC companies who were victim of one attack experienced one or more follow-on attacks.

1 attack (68.4%)
4+ attacks (7.9%)
3 attacks (7.9%)
2 attacks (15.8%)

The Scope of Ransomware Attacks

To understand the scope of ransomware attacks on AEC companies we examined the number of files that were impacted by a given attack. This gives us an idea of how far an attack spread before it was contained and provides context for how impacted operations could be based on the amount of files impacted.

Smallest Number of
Files Impacted
Average Number of
Files Impacted
Maximum Number
of Files Impacted

Want more insider data about the scope and impact of ransomware in AEC?

How Egnyte Helps Protect Against Ransomware

While there is no 100% guarantee about avoiding ransomware, Egnyte has built in functionality to help companies mitigate and recover from a ransomware attack.

Three Phases of Ransomware

There are three primary phases of a ransomware attack and Egnyte has deployed specific capabilities in each of them.

1. Detection

Implementing preventative and automated detection capabilities


Behavioral Analytics

ML-based behavioral analytics will identify and flag patterns of file activity indicative of ransomware — such as renaming, deletions, and changes in file entropy.

2. Containment

Restricting the ransomware’s and users’ access to files


Automatic Notification

Automatic ransomware notification allows administers to cut off user and device access in case of a breach.

3. Remediation

Eliminating any potentially infected files and replacing them with clean backups


Back-Up & Restoration

File back-up and selective file restoration rolls back files across the infected parts of the organization.

The Road to Ransomware Recovery

How quickly an organization can identify, contain, and eradicate ransomware is critical to getting back to work. Egnyte helps companies quickly recover from a ransomware attack with an audit trail of compromised users, files, and data subjects/sensitive data. And selective file restoration only rolls back impacted files, not your entire file environment, so clean files can still be accessed to maintain current operations. That is why once a breach is reported to Egnyte the average time to recovery is only 155 hours — under a week.

What’s Next?

There are only two types of companies, those who have been hit by ransomware and those who will be hit by ransomware. Now is the time to ensure you are in the best possible position to mitigate and recover from a ransomware attack. To learn more about things you can do to protect against ransomware, check out our video “Detect & Mitigate Your Ransomware Risk”.

Or schedule a meeting with one of our experts to discuss how Egnyte can help you secure your most critical asset – your data.