Companies Are Coughing Up Ransom To Recover Their Data

The fourth Hiscox Cyber Readiness Report reports that six per cent of the 5,569 firms polled, and one in six of those attacked, had surrendered by paying out ransom fees following a cyber attack. 
 
The highest losses for a single firm targeted with a ransom demand hit £40.2 million. The report also showed that total cyber losses surged 50 per cent to nearly £1.4 billion in 2019.
 
Hiscox warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
 
The Report surveyed a representative sample of private and public sector organisations in the US, UK, Ireland, Belgium, France, Germany, Spain, and the Netherlands. Each firm was assessed on its cyber security strategy and execution. 
 
The Report says that UK businesses are now 15 times more likely to suffer a hacking incident rather than a fire or theft with one firm paying out £71 million.
 
Among the key findings:
 
  • Cyber losses soar: Total cyber losses among the study group rose from $1.2 billion to nearly $1.8 billion. The highest reported cyber losses were by a UK financial services firm, at $87.9 million. The highest loss from any one cyber event was $15.8 million, involving a UK professional services firm. The most heavily targeted sectors were financial services, manufacturing and technology, media and telecoms (TMT). Irish firms suffered the highest median costs, at over $103,000.
  • Held to ransom: More than 6% of total respondents, or one in six of those attacked, paid a ransom following a malware attack. The highest losses reported by any single company targeted with ransomware, and which could include other cyber events, topped $50 million. 
  • Upping their game: The number of firms achieving ‘expert’ status in our cyber readiness model increased from 10% to 18%. This follows two years while progress stalled. US and Irish firms came out best with 24% ranked as experts.  France was the biggest improver with 18% of firms ranked as experts, up from 6%. Overall, twice as many firms responded to a breach this year by adding new security and spending more on employee training.
  • Pace of cyber spending accelerates: The average spend on cyber security rose from $1.47 million to $2.05 million, a rise of 39%. French firms spent the most with an average of $3.1 million. Spanish and US firms were not far behind, at $2.6 million and $2.4 million respectively. The  average spending by British business rose from just under $900,000 to $1.5 million. 
Currently cyber losses per firm have risen nearly six-fold, from an average of £8,041 a firm to £45,832. UK firms are now 15 times more likely to suffer a cyber-attack than a fire or theft, the report suggests.
 
The biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71 million. The report also uncovered that the highest loss from any one cyber event was £12.7 million, involving a UK professional services firm.
 
While cyber attack losses rose last year, the Hiscox report that firms are increasing their defences against hackers, with spending on cyber security rising 39 per cent. “The number of businesses that have paid a ransom following a malware infection is chilling... There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending'  the Hiscox Cyber chief executive commented
 
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers. "There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft for which most automatically insure," said a Hiscox spekesman.
 
 
Hiscox:      RTE:      WalesOnline:    Hull Daily Mail:    Cambridge News: 
 
You Might Also Read:
 
US Bombarded With Ransomware:
« Amazon Web Services Fights Off Massive DDoS Attack
Darktrace Wins Fortress Cyber Security Award »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

Octo

Octo

Octo, an IBM company, is a technology firm dedicated to solving the Federal Government’s most complex challenges, enabling agencies to jump the technology curve.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Adversa AI

Adversa AI

Adversa's mission is to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.