"It is revealing that more than a quarter (26%) of businesses we surveyed paid a ransom in the hope of recovering their data because they did not have any back-ups when regular and robust backup processes can be one of the most effective ways of mitigating the impact of a ransomware attack."
- Gareth Wharton, Hiscox Cyber chief executive
The Hiscox Cyber Readiness Report, utilising statistics from over 5,000 organisations across eight countries, found the industries that were forced to pay a cyber ransom were predominately those with ‘just-in-time’ supply chains, including food and drink (62%), manufacturing (51%), and leisure (50%). Of those, more than four in ten (40%) who paid the ransom demand failed to recover all their data.
Furthermore, despite paying the ransom, 43% still had to rebuild their systems, nearly a third (29%) had data leaked, and over a quarter (26%) felt that the attack had a significant financial impact by threatening the solvency and viability of their business.
Hiscox’s report also found that the frequency of cyber-attacks has increased by 12% year-on-year – with 48% of businesses suffering an attack in the past 12 months. Of those attacked, 19% were victims of ransomware, compared to 16% last year.
It also revealed that phishing remains the number one point of entry for cyber hackers (62%) to successfully infiltrate businesses. This was closely followed by credential theft (44%), a third-party supplier (40%), an unpatched server (28%), and brute force credentials, such as password guessing (17%).
Commenting on these findings, Gareth Wharton, Hiscox Cyber chief executive, has said:
“Ransomware is still the most prevalent and damaging form of cyber-attack and it is not uncommon for a company to be hit multiple times. Even if a business owner makes the decision to pay the ransom, often they cannot fully restore their systems or prevent a data breach.
“That is why it is vital that businesses take the necessary steps to protect their data and systems against a cyber-attack; making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training, and frequently backing-up data.”