Cyber criminals return for seconds after ransomware payments – report

Over a third (36%) of companies that paid a ransom to cyber criminals went on to be targeted a second time, according to a new report by Hiscox, which also found that 41% of those that paid ransom demands failed to recover all their data.

The Hiscox cyber readiness report, based on the views of over 5,000 organisations of all sizes across eight countries, found the industries that were forced to pay a ransom were those with ‘just-in-time’ supply chains, including food and drink (62%), manufacturing (51%) and leisure (50%).

Of those businesses that did pay, 43% still had to rebuild their systems, even though they received a recovery key from the hackers. Almost a third (29%) of those who paid a ransom demand still had data leaked, and 26% felt that the attack had a significant financial impact by threatening the solvency and viability of their business.

Gareth Wharton, Hiscox cyber CEO, said: “Ransomware is still the most prevalent and damaging form of cyber attack and it is not uncommon for a company to be hit multiple times. Even if a business owner makes the decision to pay the ransom, often they cannot fully restore their systems or prevent a data breach. That is why it is vital that businesses take the necessary steps to protect their data and systems against a cyber attack, making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training, and frequently backing-up data.”

The report also shows that the frequency of cyber attacks has increased by 12% year-on-year, with 48% of businesses suffering an attack in the past 12 months. Of those attacked, 19% were victims of ransomware, compared to 16% in the previous year. The Hiscox report also reveals that phishing remains the number one point of entry for cyber hackers (62%) to successfully infiltrate businesses in a ransomware attack. This was closely followed by entry using credential theft (44%), a third-party supplier (40%), an unpatched server (28%), and brute force credentials, such as password guessing (17%).

Wharton added: “Our report shows that investing in building robust cyber defences and preparing an effective response for an attack are more effective than paying cyber criminals. It is revealing that more than a quarter (26%) of businesses we surveyed paid a ransom in the hope of recovering their data because they did not have any back-ups, when regular and robust back-up processes can be one of the most effective ways of mitigating the impact of a ransomware attack.”
