Study uncovers unexpected losses following ransomware attack

A poll among security professionals suggests that a large proportion of firms that have chosen to pay ransom demands go on to suffer a second attack – often at the hands of the same threat actor. In the UK, 84% of organisations that paid a ransom demand were hit again, with 61% reporting significant loss of revenue, according to the poll conducted by Cybereason.

The security firm polled 1,300 security professionals globally, and found that more than half had fallen victim to a ransomware attack. The research also revealed that of the 300 organisations polled in the UK who opted to pay a ransom demand to regain access to their encrypted systems, 43% reported that some or all of the data was corrupted during the recovery process – which Cybereason says underscores why it does not pay to pay ransomware attackers.

“Ransomware attacks are a major concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,” said Cybereason CEO, Lior Div.

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business.”

The ransomware effect: UK-specific findings (Source: Cybereason)

• Loss of business: 47% of organisations reported significant loss of business following a ransomware attack. Of these, 61% admitted to losing revenue.

• Ransom demands increasing: 51% of businesses that paid a ransom demand shelled out between £250,000 - £1m, while 4% paid ransoms exceeding £1m.

• Brand and reputation damage: 63% of organisations that admitted to losing business indicated their brand and reputation were damaged as a result of a successful attack

• C-level talent loss: 45% of organisations that admitted to losing business reported losing C-level talent as a direct result of ransomware attacks

• Employee layoffs: 31% of those who admitted to losing business reported being forced to layoff employees due to financial pressures following a ransomware attack

• Business closures: 34% of organisations that admitted to losing business reported that a ransomware attack forced the business to close down operations entirely

Table shows percentage of respondents to Cybereason's survey reporting layoffs following a ransomware attack.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.