Businesses Pay Ransomware But Don’t Get Data Back!

Within the last 24 months, 44 per cent of all UK organisations have been infected by ransomware, and 27 per cent of those were infected more than once, according to recent research published by cyber security firm, Trend Micro. Ransomware is a type of malicious software (malware) designed to block access to specific data, files or even the entire computer until a designated sum is paid to the cyber criminals responsible for the attack. Of the organisations that have been infected with this type of malware, 1 in 3 stated that their employees were affected by the attack along with an estimated 31 per cent of their customers. This type of cyber attack can be especially dangerous if an organisation does not have any sort of digital backup for the data and files that could be sequestered by malware.

Despite the potential damage that this type of cyber attack could cause, nearly 75 per cent of surveyed organisations who have not been infected by ransomware stated that they would never pay cyber criminals. Yet, 65 per cent of organisations that have been infected end up paying the ransom. The average cost for an organisation is £540, but 1 in 5 businesses have paid more than £1,000. Unfortunately, less than half of those organisations actually get their blocked data back.

The effects of a cyber attack are not just financial, as an organisation infected with malware may also be affected by a loss of reputation and business interruptions. In fact, it takes an average of 33 hours to repair the damage caused by ransomware. To ensure that your organisation is protected from ransomware, follow these simple best practices:

  • Provide all employees—from the directors and officers to the interns—with comprehensive data security training to ensure that they know how to identify and manage cyber security threats, such as suspicious email requests or webpage prompts.
  • Install security software on each computer in your organisation to detect and stop malware and viruses.
  • In addition, you may want to consider drafting a non-work mobile device policy to minimise the potential of a data breach caused by an employee’s personal device.
  • Finally, it is worth considering purchasing cyber insurance. Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:

    • hold sensitive customer details such as names and addresses or banking information;
    • rely heavily on IT systems and websites to conduct their business;
    • process payment card information as a matter of course.

You can get more information regarding cyber insurance from the ABI

One of our commercial insurance specialists will also be happy to talk through this in more detail to help you decide on the best way to protect your business from cyber threats. Give them a call today.