Cyber Hygiene is Essential to Fighting Ransomware According to Tidal Cyber and GCA Analysis

Implementing basic cyber hygiene leads to a significant improvement in the ability of small businesses to fend off ransomware, according to an analysis by Tidal Cyber and the Global Cyber Alliance (GCA).

This recent analysis shows that cyber hygiene measures covered in the GCA Cybersecurity Toolkit for Small Business address “up to 86% of the [ransomware] techniques that enable initial network access or that compromise the confidentiality, integrity, or availability of data.” Furthermore, implementing the basic cyber hygiene steps offered in GCA’s toolkit addresses 72% of the most common ransomware techniques facing small businesses. See Defensive Measures Against Ransomware (2023).

Put another way, implementing basic cyber hygiene measures – via free tools, resources, and recommendations that are practical for small organizations to implement – has a significant impact in increasing confidence in defending against the most relevant ransomware methods of attack. Using Tidal Cyber’s “Confidence Scores” reflecting the ability to mitigate an attack, the average small business had a Confidence Score of 23 out of 50 in an “unprotected” state, where no defensive capabilities are enabled. After the GCA toolkit measures were implemented, the score increased notably by 16 points, to 39 out of 50.

The analysis also summarizes the major ransomware operations that claimed small business victims from January 2022 through April 2023.

  • The top relevant ransomware families were Clop, Lockbit 3.0, and Royal, followed by LockBit 2.0, ALPHV/BlackCat, and Black Basta.
  • Most of the ransomware groups operate on a “Ransomware-as-a-Service” (“RaaS”) model.
  • The dataset involved 3,183 public victims, the majority of which were small businesses. There were at least 836 small business victims in the US and 205 in the UK, with a smaller number of victims in other countries. In the data used, the average small business victim had 101 employees, and the median revenue of the small businesses was $18.1 million. 

Ransomware prevention is critical for small businesses

According to the U.S. Ransomware Task Force, threats to small businesses accounted for 70% of ransomware attacks in 2021, and Tidal Cyber’s analysis of ransomware extortion threats from 2022 through early 2023 found a similar rate (76%) involving small businesses over that time period. However, small businesses often lack the resources to invest in cybersecurity and the expertise to choose security products or services to protect themselves.

Over and above basic cyber hygiene, significant further reduction of risk is provided by sophisticated commercial Endpoint Detection and Response software and services, and advanced protection tools, which can detect ransomware symptoms. GCA will consider whether tools or models can be devised that make implementing these measures feasible and cost-effective for small businesses. For example, could such detection be effectively implemented with a lightweight device or agent that is automatically updated by a shared service?

“We know the steps that small businesses and even individuals need to take to substantially decrease their risk from cyber attacks, including ransomware. Now, we need to have the political and economic will to ensure those steps are taken. The return on investment is obvious,”  said Philip Reitinger, GCA’s President & CEO.


This collaboration between the Global Cyber Alliance and Tidal Cyber has been incredibly validating. It has been difficult for leaders of small businesses to understand the significant positive impact of basic cybersecurity tools and hygiene in the defense of ransomware. This research makes it clear that these very affordable measures are extremely effective and practical for small businesses to implement,”  said Rick Gordon, Tidal Cyber’s CEO.


About the Global Cyber Alliance

The Global Cyber Alliance is an international nonprofit organization dedicated to making the Internet a safer place by reducing cyber risk. We build programs, tools, and partnerships to sustain a trustworthy Internet to enable social and economic progress for all.

About Tidal Cyber

Founded in January 2022 by a team of threat intelligence veterans with experience at MITRE, the U.S. Department of Homeland Security, and a wide range of innovative security providers, Tidal Cyber enables businesses to implement a threat-informed defense more easily and efficiently. Tidal helps its customers map the security requirements and capabilities of their unique environment against the industry’s most complete knowledge base of adversary TTPs, including the MITRE ATT&CK knowledge base, additional open-source threat intelligence sources, and a Tidal-curated registry of security products mapped to specific adversary TTPs.