Companies Are Coughing Up Ransom To Recover Their Data

The fourth Hiscox Cyber Readiness Report reports that six per cent of the 5,569 firms polled, and one in six of those attacked, had surrendered by paying out ransom fees following a cyber attack. 
 
The highest losses for a single firm targeted with a ransom demand hit £40.2 million. The report also showed that total cyber losses surged 50 per cent to nearly £1.4 billion in 2019.
 
Hiscox warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
 
The Report surveyed a representative sample of private and public sector organisations in the US, UK, Ireland, Belgium, France, Germany, Spain, and the Netherlands. Each firm was assessed on its cyber security strategy and execution. 
 
The Report says that UK businesses are now 15 times more likely to suffer a hacking incident rather than a fire or theft with one firm paying out £71 million.
 
Among the key findings:
 
  • Cyber losses soar: Total cyber losses among the study group rose from $1.2 billion to nearly $1.8 billion. The highest reported cyber losses were by a UK financial services firm, at $87.9 million. The highest loss from any one cyber event was $15.8 million, involving a UK professional services firm. The most heavily targeted sectors were financial services, manufacturing and technology, media and telecoms (TMT). Irish firms suffered the highest median costs, at over $103,000.
  • Held to ransom: More than 6% of total respondents, or one in six of those attacked, paid a ransom following a malware attack. The highest losses reported by any single company targeted with ransomware, and which could include other cyber events, topped $50 million. 
  • Upping their game: The number of firms achieving ‘expert’ status in our cyber readiness model increased from 10% to 18%. This follows two years while progress stalled. US and Irish firms came out best with 24% ranked as experts.  France was the biggest improver with 18% of firms ranked as experts, up from 6%. Overall, twice as many firms responded to a breach this year by adding new security and spending more on employee training.
  • Pace of cyber spending accelerates: The average spend on cyber security rose from $1.47 million to $2.05 million, a rise of 39%. French firms spent the most with an average of $3.1 million. Spanish and US firms were not far behind, at $2.6 million and $2.4 million respectively. The  average spending by British business rose from just under $900,000 to $1.5 million. 
Currently cyber losses per firm have risen nearly six-fold, from an average of £8,041 a firm to £45,832. UK firms are now 15 times more likely to suffer a cyber-attack than a fire or theft, the report suggests.
 
The biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71 million. The report also uncovered that the highest loss from any one cyber event was £12.7 million, involving a UK professional services firm.
 
While cyber attack losses rose last year, the Hiscox report that firms are increasing their defences against hackers, with spending on cyber security rising 39 per cent. “The number of businesses that have paid a ransom following a malware infection is chilling... There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending'  the Hiscox Cyber chief executive commented
 
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers. "There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft for which most automatically insure," said a Hiscox spekesman.
 
 
Hiscox:      RTE:      WalesOnline:    Hull Daily Mail:    Cambridge News: 
 
You Might Also Read:
 
US Bombarded With Ransomware:
« Amazon Web Services Fights Off Massive DDoS Attack
Darktrace Wins Fortress Cyber Security Award »

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

UgCERT

UgCERT

UgCERT is a national Computer Emergency Response Team for Uganda, operating under the Uganda Communications Commission.

Solana Networks

Solana Networks

Solana Networks is a specialist in IT networking and security.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Secure Chorus

Secure Chorus

Secure Chorus is a not-for-profit membership organisation for the development of strategies, common technology standards and tangible capabilities in the field of information security.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

CRIP.TO

CRIP.TO

CRIP.TO is focused on the manufacturing of hardware and software products to provide users with the highest possible level of end-to-end encryption for data transmission.