Cyber criminals are demanding increasingly large sums of money when carrying out ransomware attacks on UK businesses, research by technology firm Cybereason has uncovered.
In a new report, the researchers highlight how 51% of businesses that have paid a ransom demand have shelled out between £250,000 and £1m, while 4% have paid ransoms exceeding £1m.
The study of 305 companies also found that 84% that chose to pay a ransom demand suffered a second ransomware attack, with 53% falling victim to the same attackers.
Almost half of organisations reported a significant loss of business following a ransomware attack, with 61% admitting that they had lost revenue.
Furthermore, 63% of firms that lost business indicated that their brand and reputation had been damaged as a result of a successful attack.
Lior Div, CEO of Cybereason, said: “Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks.
“Ransomware attacks are a major concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result.”
The report also reveals that a startling 34% of organisations that have lost business due to a ransomware attack have been forced to close down their operations entirely.
A similar percentage have had to lay-off staff due to the financial pressures following an attack, while 45% have lost c-level talent as a direct result of an attack.
Other key findings included in the report reveal the extent to which losses to the business may be covered by cyber insurance, and how prepared organisations are to address ransomware threats with regard to adequate security policies and staffing.
In addition, the report provides actionable data on the types of security solutions organisations had in place prior to an attack, as well as which solutions were most often implemented by organisations after they experienced an attack.
“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business,” Div added.
Image credit: iStock
Author: Chris Seekings