‘Chilling’ report reveals one in six firms pay ransoms to hackers
Image credit: Igor Stevanovic | Dreamstime
One in six firms met the demands of hackers in 2019 by paying out ransoms, a ‘chilling’ report on cyber crime has found, with UK companies worst hit by such attacks.
According to the Hiscox Cyber Readiness Report, published annually, 6 per cent of the 5,569 firms polled – and one in six of those attacked – had surrendered by paying a ransom following a cyber attack.
The report showed the highest losses for a single firm targeted with ransomware hit $50m (£40.2m). It also revealed that total cyber losses surged 50 per cent to nearly $1.8bn (£1.4bn) last year.
Cyber losses per firm have risen nearly six-fold, from an average of $10,000 (£8,041) a firm to $57,000 (£45,832), the report suggests.
“The number of businesses that have paid a ransom following a malware infection is chilling,” said Gareth Wharton, the chief executive of Hiscox Cyber. “There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending.”
Wharton added that although the take-up of standalone cyber insurance remains patchy, the report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.
The report revealed that the biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at $87.9m (£71m).
It also found the highest loss from any one cyber event was $15.8m (£12.7m), involving a UK professional services firm. It comes after a recent spate of cyber attacks on British firms, with foreign exchange firm Travelex becoming the victim of a hack at the turn of the year and reportedly paying out $2.3m (£1.8m) this January to the REvil ransomware gang.
But while cyber-attack losses rose last year, the Hiscox report also showed that firms are upping their defences against hacks, with spending on cyber security rising 39 per cent. Furthermore, the proportion of businesses targeted by cyber criminals fell from 61 per cent to 39 per cent.
The study surveyed companies across the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland, and found average spending in the UK rose from just under $900,000 (£724,000) last year to $1.5m (£1.2m).
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home-working computers.
“As companies roll out working from home, potentially less secure devices are being connected to corporate networks,” Wharton said. “Rapidly rolled-out remote-access solutions may lack the thorough security testing that would have taken place in more stable times.”
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.