New research reveals companies of all sizes affected equally. Most companies not confident in current security measures Manufacturing, Retail and Hospitality industries most targeted. Poor password discipline remains a major vector.


New York City, NY and Rishon Letzion, Israel, (November 10th, 2021) –  Cymulate, the Extended Security Posture Management market leader, announced today the results of a survey, revealing that despite the increase in the number of attacks this past year, overall victims suffered limited damage in both severity and duration. Research taken from nearly 900 enterprise professionals across 14 sectors worldwide highlighted that the majority of respondents undertook proactive measures to prevent the attack before it could cause any significant damage, and the vast majority of those even before it could cause any serious downtime. There was little difference in the size of organizations that ransomware targeted, affecting both large and small companies alike.

Highlights include:

  • More than half – whether previously hit by ransomware or not – don’t feel confident they can fend off a ransomware attack.
  • One-third (28%) of organizations were hit by ransomware over the last few years.
    • 23% of smaller business (between 1-1,000 employees) experienced a ransomware attack, 27% of mid-size (between 1,001-5,000) and 23% large enterprises (20,000+)
    • Only 14% of respondents that experienced an attack were down for a week or more
    • 19% of the respondents experienced major damages and interruption to business or production and 26% reported that damages were relegated to a few systems.
  • 70% report increased awareness of ransomware threats at boardroom level and business management level
  • Frequency of attacks is the highest in APAC, followed by Latin America, Africa and North America.
  • All companies, regardless of size have a 1-in-4 chance of being hit by ransomware.
  • Prior victims of ransomware are allocating more security budget (64%) and headcount (58%) than organizations not previously attacked. Non victims however are still allocating more security budget (55%) and headcount (37%).
  • Most companies are creating new or modified incident response plans with between 43% (victims) to 46% (non-victims).
  • Poor password discipline is still a major attack vector.
  • Traditional security procedures/purchases were added because of ransomware
  • 39% increased end-point detection and response (EDR) and 34% increased multi-factor authentication (MFA) in non-victim and 30% increased EDR in victims.
  • 82% of the respondents are adopting offensive cybersecurity solutions.


To access the full report, see here


“This latest survey is critical in helping us understand that while we may be experiencing increased anxiety from the rise in ransomware, we have also learned lessons and are able to both prevent attacks and recover far quicker than before,” said Eyal Wachsman, CEO and Co-Founder of Cymulate. “Organizations still need to remain vigilant as ransomware continues to strike every sector and every size organization. Security teams need to ensure current controls are effective and conduct basic cyber hygiene to prevent further damage.”

Cymulate recently broadened its capabilities, becoming the first company to offer an extended security posture management solution. They provide out-of-the-box, expert and threat intelligence-led risk assessments that are constantly updated and simple to deploy for all maturity levels. Their open framework enables the creation of automated red and purple teaming exercises by generating penetration campaigns and advanced attack scenarios tailored to their unique environments and security policies. Deployable within an hour, Cymulate enables security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end, across the MITRE ATT&CK® framework.


About Cymulate

Cymulate SaaS-based Extended Security Posture Management (XSPM) deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end, across the MITRE ATT&CK® framework.   

The platform provides out-of-the-box, expert and threat intelligence led risk assessments that are simple to deploy and use for all maturity levels, and constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. Cymulate allows professionals to manage, know and control their dynamic environment.

For more information, visit and register for a free trial.

Contact for Cymulate:

Levona Simha, Marketing Director at Cymulate

[email protected]

IL: +(972) 523 536638


Media contact for Cymulate:

Gina Shaffer

[email protected]

US: +1(707) 533-1504

IL: +(972) 54-649-3485