- VPN complexity and poor maintenance are leading to a surge in ransomware incidents, the report said.
- Alternatives to cloud VPNs can reduce your exposure to ransomware and direct attacks.
- Complex on-premises VPN systems often result in outdated configurations.
Companies relying on legacy on-premises solutions VPN devices may be at higher risk from ransomware, findings At-Bay InsurSec Report 2025 stated.
An analysis of cyber insurance claims found that organizations using Cisco and Citrix VPN systems are 6.8 times more likely to be attacked ransomware than those who do not have such devices.
The study, based on more than 100,000 years of insurance data collected between January 2024 and March 2025, looked at incidents among approximately 40,000 insured customers in the United States.
SonicWall VPN is also at risk
At-Bay said it adjusted its analysis to take into account how common each product was among customers.
At-Bay CISO Adam Tyra said: Register“We believe the message is clear: companies relying on on-premises VPN devices from providers such as Cisco and Citrix should seriously consider migrating to modern cloud-based remote access solutions.”
Businesses wanting to stay safe should read our guidance on best VPNs And best VPNs with antivirus.
The report found that SonicWall VPN users were 5.8 times more likely to encounter ransomware after a 300 percent spike in Akira attacks in the third quarter: Palo Alto Global Protect was 5.5 times more likely, and Fortinet was 5.3 times more likely.
According to At-Bay, companies using any type of on-premises VPN are 3.7 times more likely to be attacked than those using a cloud VPN or no VPN at all.
“We're not saying these products are inherently unsafe, but they are complex and require constant maintenance,” Tyra said. “While many organizations can deploy them securely, far fewer can maintain them properly over time, resulting in missed patches and outdated configurations.”
The report added that 80 percent of ransomware incidents began when attackers gained access through remote access tools, with 83 percent of these involving VPN devices. This is due to the increasing complexity of the device.
Tyra said, “The bottom line is that traditional on-premises VPNs are often too complex for most businesses to operate securely.” He added that Secure Access Service Edge's cloud-based products “significantly reduce exposure to direct attacks compared to traditional VPNs.”
Neither Cisco nor Citrix responded to Register requests for comments.
The best antivirus for any budget
Follow TechRadar on Google News. And add us as your preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the “Subscribe” button!
And of course you can also Follow TechRadar on TikTok for news, reviews, unboxing videos and get regular updates from us on whatsapp too much.
