Over half of firms have a policy on whether to pay a ransom following an attack

More than half of businesses now have a defined policy in place to deal with ransomware attacks – whether this means paying a ransom, relying on insurance policies or refusing to pay at all.

The findings from Databarracks’ 2021 Data Health Check – which surveys over 400 UK-based IT decision-makers on matters relating to cybersecurity, IT resilience, cloud and remote working – found that 54% of businesses have an established protocol for such incidents.

When asked if their organisation had a policy for paying out on ransomware attacks 21% said they have a policy to never pay a ransom, while 14% will pay a ransom if it is lower than the cost to recover systems. 13% will pay if the ransom is covered by their cyber insurance policy, and 6% will pay only as a last resort if there is no other way to recover data.

Peter Groucutt, managing director of Databarracks, said: “Ransomware is the fastest growing threat we face. 29% or organisations were affected by ransomware in last 12 months, up from just 9% in 2016. It’s encouraging to see organisations being proactive, setting policies and taking steps to better protect themselves against ransomware.

“Instead of choosing the path of least resistance, organisations should take proactive steps to make themselves more resilient. If your policy is not to pay, you must have alternatives you can rely on. That means not only having back-ups and disaster recovery processes in place, but that they are tested, and you are confident that you can recover quickly. It takes hard work in the short term, but it is the only viable long-term solution.”

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021