16th June 2021

New Cybereason Ransomware Study reveals true cost to business
Trend

84% of organisations that paid a ransom demand were hit again, whilst 61% reported significant loss of revenue
Cybereason, a leader in future-ready attack protection, hasreleased research findings from a global ransomware study of nearly 1,300 security professionals that reveals more than half of organisations have been the victim of a ransomware attack. In the UK specifically, 305 companies were contacted and 84% of businesses that chose to pay a ransom demand suffered a second ransomware attack, often at the hands of the same threat actor group(53%).
The report, titled Ransomware: The True Cost to Business, also divulged that of the organisations in the UK who opted to pay a ransom demand to regain access to their encrypted systems, 43% reported that some or all of the data was corrupted during the recovery process. These findings underscore why it does not pay to pay ransomware attackers, and that organisations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.
Key findings (UK-specific) in the research include:
-Loss of Business: 47% of organisations reported significant loss of business following a ransomware attack. Of these individuals, 61% admitted to losing revenue.
-Ransom Demands Increasing: 51% of businesses that paid a ransom demand shelled out between £250,000-£1m, while 4% paid ransoms exceeding £1 million.
-Brand and Reputation Damage: 63% of organisations who admitted to losing business indicated that their brand and reputation were damaged as a result of a successful attack
-C-Level Talent Loss: 45% of organisations who admitted to losing business reported losing C-Level talent as a direct result of ransomware attacks
-Employee Layoffs: 31% of those who admitted to losing business reported being forced to layoff employees due to financial pressures following a ransomware attack
-Business Closures: A startling 34% of organisations who admitted to losing business reported that a ransomware attack forced the business to close down operations entirely.
Other key findings included in the full report reveal the extent to which losses to the business may be covered by cyber insurance, how prepared organisations are to address ransomware threats to the business with regard to adequate security policies and staffing, and more granular information on the impact of ransomware attacks by region, company size and industry vertical. In addition, the report provides actionable data on the types of security solutions organisations had in place prior to an attack, as well as which solutions were most often implemented by organisations after they experienced a ransomware attack.
“Ransomware attacks are a major concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the US and negatively impacted other businesses who are dependent on Colonial’s operations,” said ceo and Co-founder of Cybereason, Lior Div.
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business.”
Survey Methodology
The research was conducted by Censuswide in April of 2021 on behalf of Cybereason. 1,263 cybersecurity professionals took part in the survey—with participants from the US, UK, Spain, Germany, France, United Arab Emirates, and Singapore. Major industry verticals covered in the research include the Technology, Manufacturing, Financial Services, Retail, Healthcare, Automotive, Legal and Government sectors.

Cyber Trends-1,123 mentions in Insurance Newslink)-latest:
-Ransomware is going to hurt-and in ways you may not yet recognise says ProLion
-Colonial Pipeline ransomware attack: don’t expect ransom payments to be recovered for everyone, says Databarracks
-Superscript and CyberSmart partner to provide embedded cybersecurity insurance
-Ransomware: focus on treating the cause not mopping up the mess
-ProLion targets ransomware protection market in global expansion drive