While the majority of state and local IT leaders in the US consider ransomware and associated cyber-risks to be an ongoing threat to their organisation, almost half of private and public sector entities are yet to put appropriate incident response plans in place.


The insights arrive out of a Palo Alto survey into security dangers being faced by IT officials at state, local and educational level in the US.

Significantly, the study found that overall concerns about ransomware attacks are high, and the threat is unlikely to decrease over the next 12 to 18 months. Respondents also reported that their organisations may not be prepared enough to protect against the increasing volume and sophistication of ransomware attacks.

While cybersecurity budgets have increased, a significant percentage of IT leaders are still not confident in their ability to effectively respond to and prevent ransomware threats, according to the survey results.

Having proper protections in place has never been more important as ransomware attacks are increasing in frequency and sophistication, and the average ransom demand continues to climb. Between 2019 and 2020, the average ransom paid by organisations in the US, Canada and Europe jumped from $115,123 to $312,493, (£88,372 to £239,880), reports say.

Cyber extortionists are demanding ransom not only to unlock the data they encrypt but also to prevent that data from being publicly released on the dark web. Almost a third of those polled said they have not yet completed an incident response plan for ransomware, and just over one fifth (22%) said they did not know if they had made such preparations.

On the other hand, those that said they do have a plan in place expressed far greater confidence in their organisation’s ability to withstand a ransomware attack. Over 75% of the study’s respondents said they also felt confident in their organisation’s ability to prevent compromise via common attack vectors, such as phishing emails and endpoint breaches.

When asked what organisations could do to better protect against ransomware attacks, most respondents said they could provide employees with security for their home networks and hire more IT/security staff.

Matthew Schneider, vice president of State, Local & Education at Palo Alto Networks, reflected: 

“With a wide attack surface area to protect and the critical need for continued operations, state and local government organisations are appealing targets of ransomware actors.

“Ransomware is a threat that isn’t going away, and being prepared for an inevitable cyberattack needs to be a top priority for public entities,” Schneider added.

PrivSec World Forum

Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities; 

Brussels | Stockholm | London | Dublin | Amsterdam

PrivSec World Forum is a two-day, in-person event taking place as part of the Digital Trust Europe series. Data protection, privacy and security are essential elements of any successful organisation’s operational make-up. Getting these things right can improve stakeholder trust and take any company to the next level.

PrivSec World Forum will bring together a range of speakers from world-renowned companies and industries—plus thought leaders and experts sharing case studies and their experiences—so that professionals from across all fields can listen, learn and debate.


PrivSec World Forum