Over half of organisations have been the victim of a ransomware attack, according to new research.

A study from Cyberreason surveyed around 1,260 security professionals across the United States, United Kingdom, Spain, Germany, France, United Arab Emirates, and Singapore.

Of the 305 UK respondents, the 84 per cent of companies that chose to pay a ransom demand suffered a second ransomware attack, often at the hands of the same threat actor group.

The research revealed that of the organisations in the UK who opted to pay a ransom demand to regain access to their encrypted systems, 43 per cent reported that some or all of the data was corrupted during the recovery process.
In the UK, 47 percent of organisations reported significant loss of business following a ransomware attack. Of these individuals, 61 per cent admitted to losing revenue.

51 percent of British businesses that paid a ransom demand dished out between £250,000 - £1 million, while four percent paid ransoms exceeding £1 million.

63 percent of organisations who admitted to losing business indicated that their brand and reputation were damaged as a result of a successful attack
45 percent of organisations who admitted to losing business reported losing C-Level talent as a direct result of ransomware attacks.

A further 31 percent of those who admitted to losing business reported being forced to layoff employees due to financial pressures following a ransomware attack.
34 percent of organisations who admitted to losing business reported that a ransomware attack forced the business to close down operations entirely.

“Ransomware attacks are a major concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result,” said Lior Div, chief executive, Cybereason. “In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations."

Div added: “Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business.”

Share Story: