Ransomware payments have nearly doubled in the past year, with UK companies paying more than the global average.
A report by cybersecurity firm Sophos reveals that the average ransomware payment rose to $1.5m, up from $812,000 the previous year. The average payment by UK organisations, however, was $2.1m.
More than a quarter of firms across the world that made payments handed over between $1m and $5m, with high-earning companies being most likely to give in to cyber attackers. The average payout by firms with revenues of more than $5bn a year was just under $2.5m, the research shows.
The revelations come as the Federation of European Risk Management Associations (FERMA) raised major concerns that the cyber insurance market is “evolving in isolation from the industries which it insures”. It is demanding more certainty regarding the long-term viability of insurance products, and warned that corporate buyers may turn against cyber insurance due to more policy exclusions and restrictive terms and conditions.
“The corporate market recognises the critical nature of cyber insurance as well as the need for the insurance sector to manage its potential exposure to cyber risk, particularly given the systemic risk it poses,” said FERMA vice-president Philippe Cotelle. “However, it is also important to ensure that the product remains attractive and efficient for buyers.
“Recent decisions to restrict the scope of coverage have created uncertainty regarding the ability of insurance to meet the evolving cyber risk requirements of policyholders.”
FERMA is calling for an annual event, similar to a UN Conference of the Parties, where insurers, reinsurers, brokers, buyers, regulators and service providers can consider how to deliver a sustainable cyber insurance market.