Companies Are Coughing Up Ransom To Recover Their Data

The fourth Hiscox Cyber Readiness Report reports that six per cent of the 5,569 firms polled, and one in six of those attacked, had surrendered by paying out ransom fees following a cyber attack. 
 
The highest losses for a single firm targeted with a ransom demand hit £40.2 million. The report also showed that total cyber losses surged 50 per cent to nearly £1.4 billion in 2019.
 
Hiscox warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
 
The Report surveyed a representative sample of private and public sector organisations in the US, UK, Ireland, Belgium, France, Germany, Spain, and the Netherlands. Each firm was assessed on its cyber security strategy and execution. 
 
The Report says that UK businesses are now 15 times more likely to suffer a hacking incident rather than a fire or theft with one firm paying out £71 million.
 
Among the key findings:
 
  • Cyber losses soar: Total cyber losses among the study group rose from $1.2 billion to nearly $1.8 billion. The highest reported cyber losses were by a UK financial services firm, at $87.9 million. The highest loss from any one cyber event was $15.8 million, involving a UK professional services firm. The most heavily targeted sectors were financial services, manufacturing and technology, media and telecoms (TMT). Irish firms suffered the highest median costs, at over $103,000.
  • Held to ransom: More than 6% of total respondents, or one in six of those attacked, paid a ransom following a malware attack. The highest losses reported by any single company targeted with ransomware, and which could include other cyber events, topped $50 million. 
  • Upping their game: The number of firms achieving ‘expert’ status in our cyber readiness model increased from 10% to 18%. This follows two years while progress stalled. US and Irish firms came out best with 24% ranked as experts.  France was the biggest improver with 18% of firms ranked as experts, up from 6%. Overall, twice as many firms responded to a breach this year by adding new security and spending more on employee training.
  • Pace of cyber spending accelerates: The average spend on cyber security rose from $1.47 million to $2.05 million, a rise of 39%. French firms spent the most with an average of $3.1 million. Spanish and US firms were not far behind, at $2.6 million and $2.4 million respectively. The  average spending by British business rose from just under $900,000 to $1.5 million. 
Currently cyber losses per firm have risen nearly six-fold, from an average of £8,041 a firm to £45,832. UK firms are now 15 times more likely to suffer a cyber-attack than a fire or theft, the report suggests.
 
The biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71 million. The report also uncovered that the highest loss from any one cyber event was £12.7 million, involving a UK professional services firm.
 
While cyber attack losses rose last year, the Hiscox report that firms are increasing their defences against hackers, with spending on cyber security rising 39 per cent. “The number of businesses that have paid a ransom following a malware infection is chilling... There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending'  the Hiscox Cyber chief executive commented
 
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers. "There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft for which most automatically insure," said a Hiscox spekesman.
 
 
Hiscox:      RTE:      WalesOnline:    Hull Daily Mail:    Cambridge News: 
 
You Might Also Read:
 
US Bombarded With Ransomware:
« Amazon Web Services Fights Off Massive DDoS Attack
Darktrace Wins Fortress Cyber Security Award »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Defence Labs

Defence Labs

Defence Labs is a cybersecurity company specialising in cost effective penetration testing for small-to-medium sized enterprises.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.