- The report finds VPN complexity and poor maintenance are leading to an increase in ransomware incidents
- Cloud-based VPN alternatives can lower exposure to ransomware and direct attacks
- Complex on-premise VPN systems often result in outdated configurations
Businesses relying on older on-premise VPN devices may face higher ransomware risks, findings from At-Bay’s 2025 InsurSec Report have claimed.
The analysis of cyber insurance claims found that organizations using Cisco and Citrix VPN systems were 6.8 times more likely to be hit by ransomware than those without such devices.
The study, based on more than 100,000 policy years of data collected between January 2024 and March 2025, looked at incidents among about 40,000 insured customers in the United States.
SonicWall VPN is also at risk
At-Bay said it adjusted its analysis to account for how common each product is in customer environments.
At-Bay’s CISO for customers, Adam Tyra, said The register“We believe the takeaway is clear: Companies that rely on on-premises VPN devices from vendors like Cisco and Citrix should strongly consider switching to modern cloud-based remote access solutions.”
Businesses looking to stay safe should check out our recommendations for best VPNs and best VPNs with antivirus.
The report found that SonicWall VPN users were 5.8x more likely to experience ransomware after a 300 percent increase in Akira attacks in the third quarter, with Palo Alto Global Protect at 5.5X and Fortinet at 5.3X.
Businesses using an on-premises VPN of any kind were 3.7 times more likely to be victims of an attack than those using a cloud-based VPN or no VPN at all, At-Bay reported.
“We are not suggesting that these products are inherently unsafe, but they are complex and require consistent maintenance,” Tyra said. “While many organizations can deploy them securely, far fewer can properly maintain them over time, leading to lost patches and outdated configurations.”
The report added that 80 percent of ransomware cases began when attackers gained access through remote access tools, with 83 percent of them involving VPN devices. It attributed this to increasing device complexity.
Tyra said: “The bottom line is that traditional on-premise VPNs are often too difficult for most businesses to operate securely.” He added that cloud-based Secure Access Service Edge products “significantly reduce exposure to direct attacks compared to traditional VPNs.”
Neither Cisco nor Citrix responded The registry requests for comments.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
