- Report Finds VPN Complexity, Poor Maintenance Driving Increase in Ransomware Incidents
- Cloud-based VPN alternate options can cut back publicity to ransomware and direct assaults
- Complex on-premises VPN programs usually lead to outdated configurations
Businesses that depend on older on-premises VPN gadgets may face increased ransomware dangers, findings from At-Bay InsurSec 2025 Report have claimed.
Analysis of cyber insurance coverage claims discovered that organizations utilizing VPN programs from Cisco and Citrix have been 6.8 occasions extra prone to be affected by ransomware than these with out such gadgets.
The examine, primarily based on greater than 100,000 coverage years of knowledge collected between January 2024 and March 2025, analyzed incidents amongst about 40,000 insured clients within the United States.
SonicWall VPN additionally in danger
At-Bay mentioned it adjusted its evaluation to consider how frequent every product is in clients’ environments.
Adam Tyra, CISO for At-Bay shoppers, mentioned The Registry“We assume the underside line is obvious: companies that depend on on-premises VPN gadgets from distributors like Cisco and Citrix ought to significantly contemplate transitioning to trendy cloud-based distant entry options.”
Businesses that wish to keep protected ought to take a look at our suggestions for the most effective VPNs and the most effective VPNs with antivirus.
The report discovered that SonicWall VPN customers have been 5.8 occasions extra prone to expertise ransomware, following a 300 % enhance in Akira assaults in the course of the third quarter, with Palo Alto Global Protect at 5.5 occasions and Fortinet at 5.3 occasions.
Businesses that used a neighborhood VPN of any kind have been 3.7 occasions extra prone to be victims of an assault than people who used a cloud-based VPN or no VPN in any respect, At-Bay reported.
“We’re not suggesting that these merchandise are inherently unsafe, however they’re advanced and require fixed upkeep,” Tyra mentioned. “While many organizations can deploy them safely, many fewer can correctly preserve them over time, resulting in skipped patches and outdated configurations.”
The report added that 80 % of ransomware circumstances started when attackers gained entry by way of distant entry instruments, and 83 % of them concerned VPN gadgets. He attributed this to the rising complexity of the machine.
Tyra mentioned: “The backside line is that conventional native VPNs are sometimes too troublesome to function securely for many companies.” He added that cloud-based Secure Access Service Edge merchandise “considerably cut back publicity to direct assaults in comparison with conventional VPNs.”
Neither Cisco nor Citrix responded the report requests for feedback.
