Posted on June 22, 2020 at 3:34 PM
17% of Firms Paid Ransom Demands to Hackers, Report Reveals
Based on a recent finding on ransomware attack and cybercrime, about 1 in 6 companies paid ransomware demands by hackers over the past year.
This was revealed at the annual Hiscox Cyber Readiness Report, after taking out polls of 5,569 companies. The report revealed that 6 percent of that number paid out ransoms to hackers for the recovery of their stolen data and files. That means hundreds of companies had met the demands of the cybercriminals, despite warnings by authorities against such.
About $1.8 billion paid out in ransom last year
Hiscox revealed that the total losses from ransom payouts increased by 50% to about $1.8 billion last year.
The report also revealed that one firm, who recorded the highest payout losses, had to shell out as much as $50 million as a ransom to recover its important stolen data.
Furthermore, the number of companies becoming victims of cyberattacks have increased more than 6 times over the last year. Initially, the average loss per firm was about $10,000, but that has grown to $57,000 a firm. The report also suggests that U.K. firms are 15 times more likely to be hit by cyberattacks than theft or fire incident.
A U.K. firm suffered the biggest cyber loss
Hiscox surveyed companies from 8 different countries to identify their rate of cyber losses. It revealed that the biggest loser was from a company in the U.K. with a loss of nearly $90 million.
The report also indicated the biggest casualty to a single cyber event to be $15.8 million, which involved a professional financial service firm in the U.K.
This report is coming after U.K. firms faced a series of attacks, with foreign exchange juggernaut Travelex becoming one of the latest high profile hacking victims at the beginning of the year. As reported about the hacking incident, the company finally ended up shelling out about $2.3 million as a ransom payment to recover its hacked data. Popular REvil ransomware group was responsible for that attack, as revealed.
The attack on Travelex’s systems obstructed the company’s business activities as several of its systems were down for weeks, which forced it to resort to manual operations across its branches.
Firms are spending more on cybersecurity
According to the chief executive of Hiscox, Gareth Wharton, more businesses have paid a ransom to attackers in the past year.
“The number of businesses that have paid a ransom following a malware infection is chilling,” he said.
Although the level of cyber-attacks in companies has risen significantly from last year, the Hiscox report suggests that companies are getting smarter and better at protecting their systems. They are increasing their defenses against malicious activities and spending 39% more on cybersecurity.
Gareth further stated that, despite the staggering numbers of cyberattacks, there are some positives to be drawn from the report. There’s a clear indication that companies and organizations have improved in beefing up their security systems. There is an uptrend in cyber preparedness and a much-increased budget on enhanced levels of cyber protection by the firms.
The study surveyed firms from the U.K., U.S., Ireland, Netherlands, Spain, Germany, France, and Belgium. It discovered that average spending on cybersecurity increased to $1.5 million from less than $900,000 last year.
New Threats on the Horizon
Hiscox also revealed that the COVID-19 crisis is helping to spring up a different dimension of cyberthreats on companies.
According to the report, there has been an increased level of phishing scams as cybercriminals are targeting employees working from home. As many employees are working from home, which is less secure, cybercriminals are taking advantage to get into their systems to launch phishing attacks, Hiscox reveals.
Quickly rolled-out remote access solutions may not have the necessary security framework against an attack. As a result, the attackers are feeding on these vulnerabilities.
The report reiterated that firms need to sensitize their employees to follow strict security measures. They should also use two-factor authentication methods to keep their systems safe and prevent more phishing attacks on their systems.
