Global firms paying out billions in cyber attack ransom demands
● Highest loss for a single business was £40.2 million
One in six firms met the demands of hackers last year by paying ransoms, according to the “chilling” findings of a report on cyber crime.
The annual Hiscox Cyber Readiness Report revealed that 6% of the 5,569 firms polled – and one in six of those attacked – had surrendered by paying a ransom following a cyber attack.
The highest loss for a single firm targeted with ransomware was £40.2m.
The report also showed that total cyber losses surged 50% to nearly $1.8 billion (£1.4bn) in 2019.
Cyber losses per firm have risen nearly sixfold, from an average of £8,041 a company to £45,832.
British firms are now 15 times more likely to suffer a cyber attack than a fire or theft, the report suggests.
It found the biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71m.
The report also found the highest loss from any one cyber event was £12.7m, involving a UK professional services firm.
It comes after a spate of cyber attacks on British firms, with foreign exchange company Travelex the victim of a highprofile hack at the turn of the year and reportedly paying £1.8m in January to the Revil ransomware gang.
The New Year’s Eve attack left its systems down for weeks, forcing the group to resort to pen and paper across its branches.
But while cyber attack losses rose last year, the Hiscox report also found that firms are improving their defences against hacks, with spending on cyber security rising 39%.
Gareth Wharton, Hiscox Cyber chief executive, said: “The number of businesses that have paid a ransom following a malware infection is chilling.
“There is, however, one very
Hiscox positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending.
“Take-up of standalone cyber insurance remains patchy but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft for which most automatically insure.”
The study surveyed companies across the UK, US, Belgium, France, Germany,
Spain, the Netherlands and the Republic of Ireland.
It found that the average spending in the UK rose from just under £724,000 last year to £1.2m.
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and companies leaving themselves vulnerable due to staff using less secure home working computers.
“The number of businesses that have paid a ransom following a malware infection is chilling.”