A new survey, carried out by Datto Inc, has shown that ransomware remains the most common cyber threat to small to medium businesses (SMBs).

The fourth annual Global State of the Channel Ransomware Report surveyed more than 1,400 MSP decision makers that manage IT systems for SMBs. While ransomware is used against businesses of all sizes, SMBs have become prime targets for attackers who render data inaccessible until a ransom is paid.

The survey has uncovered a number of trends specifically impacting the SMB market.

Ransomware attacks are on the rise with 85% of managed service providers (MSP) reporting attacks in the past two years compared to 79% in 2018. In the first half of this year, 56% reported attacks while in Australia and New Zealand, 91% of MSPs reported attacks against SMBs in the past two years – the highest rate globally.

Many SMBs are not concerned about the threat of ransomware according to the survey with only 28% of MSPs voicing clients’ concerns.

The cost of ransomware is significant with 64% of MSPs reporting experiencing a loss of business productivity for their SMB clients and 45% reporting business-threatening downtime. The average cost of that downtime is US$141,000, more than 200% of an increase on last year’s figure. The cost of downtime is 23 times greater than the average ransom request of US$5,900.

However, basic and effective controls are not being used as widely as recommended. MSPs report enabling 2FA on just 60% of email clients and 61% of password managers, despite 67% claiming that phishing emails are the leading cause of ransomware breaches.

Business continuity and disaster recovery (BCDR) solutions have continued to prove to be the most effective in lessening the impact of a ransomware attack; 92%t of MSPs report that their clients with BCDR solutions in place are less likely to experience significant downtime during an attack. In addition, four out of five MSPs state victimised clients with BCDR tools in place recovered from an attack in 24 hours or less, while less than one in five MSP clients without BCDR were able to do the same.

ASI Solutions head of services Daniel Johns says: “Ransomware attacks most often succeed through very sophisticated phishing techniques – for example, when someone clicks on something they shouldn’t and the malware infiltrates their contact list – the attackers then use those credentials to exploit further.

He stresses that a proactive approach to cyber security is vital. SaaS applications are also a prime target for ransomware attacks with MSPs globally reporting a 15% increase in the attacks within Office 365 year-on-year.

Datta APAC regional director James Bergl says: “It is no surprise that the frequency and sophistication of ransomware attacks against SMBs in Australia and New Zealand is on the rise, but recording the highest rate globally of reported attacks in this region is a wake-up call from SMBs. We understand that the cost of downtime can cripple an SMB; as such, we work closely with our MSPs to take a proactive approach to delivering tailored cyber security solutions for small and medium businesses.”