Companies hit by ransomware often targeted again, research says

A new study found that more than a third of companies that pay a ransom to cybercriminals are attacked a second time.

Martyn Landi
Tuesday 08 November 2022 08:26 EST
The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again (Peter Byrne/PA)


More than a third of companies who paid a ransom to cybercriminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.

The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.

The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.

The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data.

Ransomware is a form of cyber attack which locks files and data on a user’s computer and demands payment in order for them to be released back to the owner. It has been used in a number of high-profile cyber attacks in recent years, including the 2017 attack on the NHS.


The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems.

Meanwhile, 29% said that despite making the payment, their stolen data was still leaked.

A further 26% said a ransomware attack had had a significant financial impact on their business.

The report was based on a survey of more than 5,000 organisations across eight countries, including the UK and Ireland.

Gareth Wharton, Hiscox Cyber chief executive, said: “Ransomware is still the most prevalent and damaging form of cyber attack and it is not uncommon for a company to be hit multiple times.

“Even if a business owner makes the decision to pay the ransom, often they cannot fully restore their systems or prevent a data breach.

“That is why it is vital that businesses take the necessary steps to protect their data and systems against a cyber attack; making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training, and frequently backing-up data.

“Our report shows that investing in building robust cyber defences and preparing an effective response for an attack are more effective than paying cybercriminals.

“It is revealing that more than a quarter of businesses we surveyed paid a ransom in the hope of recovering their data because they did not have any back-ups when regular and robust back-up processes can be one of the most effective ways of mitigating the impact of a ransomware attack.”
