Companies Are Coughing Up Ransom To Recover Their Data

The fourth Hiscox Cyber Readiness Report reports that six per cent of the 5,569 firms polled, and one in six of those attacked, had surrendered by paying out ransom fees following a cyber attack. 
 
The highest losses for a single firm targeted with a ransom demand hit £40.2 million. The report also showed that total cyber losses surged 50 per cent to nearly £1.4 billion in 2019.
 
Hiscox warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
 
The Report surveyed a representative sample of private and public sector organisations in the US, UK, Ireland, Belgium, France, Germany, Spain, and the Netherlands. Each firm was assessed on its cyber security strategy and execution. 
 
The Report says that UK businesses are now 15 times more likely to suffer a hacking incident rather than a fire or theft with one firm paying out £71 million.
 
Among the key findings:
 
  • Cyber losses soar: Total cyber losses among the study group rose from $1.2 billion to nearly $1.8 billion. The highest reported cyber losses were by a UK financial services firm, at $87.9 million. The highest loss from any one cyber event was $15.8 million, involving a UK professional services firm. The most heavily targeted sectors were financial services, manufacturing and technology, media and telecoms (TMT). Irish firms suffered the highest median costs, at over $103,000.
  • Held to ransom: More than 6% of total respondents, or one in six of those attacked, paid a ransom following a malware attack. The highest losses reported by any single company targeted with ransomware, and which could include other cyber events, topped $50 million. 
  • Upping their game: The number of firms achieving ‘expert’ status in our cyber readiness model increased from 10% to 18%. This follows two years while progress stalled. US and Irish firms came out best with 24% ranked as experts.  France was the biggest improver with 18% of firms ranked as experts, up from 6%. Overall, twice as many firms responded to a breach this year by adding new security and spending more on employee training.
  • Pace of cyber spending accelerates: The average spend on cyber security rose from $1.47 million to $2.05 million, a rise of 39%. French firms spent the most with an average of $3.1 million. Spanish and US firms were not far behind, at $2.6 million and $2.4 million respectively. The  average spending by British business rose from just under $900,000 to $1.5 million. 
Currently cyber losses per firm have risen nearly six-fold, from an average of £8,041 a firm to £45,832. UK firms are now 15 times more likely to suffer a cyber-attack than a fire or theft, the report suggests.
 
The biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71 million. The report also uncovered that the highest loss from any one cyber event was £12.7 million, involving a UK professional services firm.
 
While cyber attack losses rose last year, the Hiscox report that firms are increasing their defences against hackers, with spending on cyber security rising 39 per cent. “The number of businesses that have paid a ransom following a malware infection is chilling... There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending'  the Hiscox Cyber chief executive commented
 
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers. "There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft for which most automatically insure," said a Hiscox spekesman.
 
 
Hiscox:      RTE:      WalesOnline:    Hull Daily Mail:    Cambridge News: 
 
You Might Also Read:
 
US Bombarded With Ransomware:
« Amazon Web Services Fights Off Massive DDoS Attack
Darktrace Wins Fortress Cyber Security Award »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

EasyDMARC

EasyDMARC

EasyDMARC deliver the most comprehensive product for anyone who strives to build the most secure possible defence system for their email ecosystem.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.