- Report finds VPN complexity and poor maintenance driving surge in ransomware incidents
- Cloud-based VPN alternatives can lower exposure to ransomware and direct attacks
- Complex on-premise VPN systems often result in outdated configurations
Businesses relying on older on-premise VPN devices could be facing higher ransomware risks, findings from At-Bay’s 2025 InsurSec Report have claimed.
The analysis of cyber insurance claims found organizations using Cisco and Citrix VPN systems were 6.8 times more likely to be hit by ransomware than those without such devices.
The study, based on more than 100,000 policy years of data collected between January 2024 and March 2025, looked at incidents among about 40,000 insured customers in the United States.
SonicWall VPN also at risk
At-Bay said it adjusted its analysis to account for how common each product is in customer environments.
At-Bay’s CISO for Customers, Adam Tyra, told The Register, "We think the takeaway is clear: Companies relying on on-premise VPN devices from vendors like Cisco and Citrix should strongly consider transitioning to modern cloud-based, remote access solutions."
Businesses wanting to be safe should check out our recommendations for best VPNs and best VPNs with antivirus.
The report found SonicWall VPN users were 5.8 times more likely to experience ransomware, following a 300 percent surge in Akira attacks during the third quarter, with Palo Alto Global Protect at 5.5X and Fortinet at 5.3X.
Businesses using an on-premise VPN of any kind were 3.7X more likely to fall victim to an attack than those using a cloud-based VPN or without any VPN, At-Bay reported.
"We're not suggesting these products are inherently insecure, but they are complex and require consistent maintenance," Tyra said. "While many organizations can deploy them securely, far fewer can maintain them properly over time, leading to missed patches and outdated configurations."
The report added that 80 percent of ransomware cases began when attackers gained access through remote access tools, with 83 percent of those involving VPN devices. It attributed this to increasing device complexity.
Tyra said, "The bottom line is that traditional on-premise VPNs are often too difficult for most companies to operate securely." He added that cloud-based Secure Access Service Edge products "significantly reduce exposure to direct attacks compared to traditional VPNs."
Neither Cisco nor Citrix responded to The Register’s requests for comment.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
