The vast majority of companies struck by ransomware attacks in the past year have paid, according to an insurance specialist report which warns against the mixed results for those who do it.
The Home Company Insurer Hiscox has published its annual cyber preparation report in a context of concern concerning a series of cyber attacks against high -level names in the last six months, in particular Marks and SpencerTHE Cooperative And Jaguar Land Rover (JLR).
The automaker has received a Sterling 1.5 billion pound loan guarantee By the government to help protect its vast supply chain, including many small businesses, the impact of a month -long closure of its factories.
Although some have already dismissed staff – a fraction of the 200,000 people employed among suppliers – many pirate victims are small and medium -sized enterprises (SMEs) who do not attract such financial support by themselves.
There is no length to which cybercriminals will look at – with pirates last week threatening to release the personal data of children to the custody of a nursery chain.
Please use Chrome Browser for a more accessible video player
Nursery hackers: “there is more to come”
Hiscox said that 27% of the 5,750 SMEs questioned had been targeted with ransomware in the past 12 months. Among these, 80% had paid a ransom.
But Hiscox added that only 60% of these companies had managed to recover all or part of their data after making a payment.
Almost a third of companies have paid a ransom have met with requests for more money, he said.
Attacks the “survival threat” of companies
The wider results of the study showed that almost 60% of the companies surveyed had experienced a cyber attack during the period, many vulnerabilities of artificial intelligence to leave them exposed.
Many have faced substantial fines for failures to properly protect data and results have also shown hits not only to results, but also to reputation and orders.
Eddie Lamb, world leader of Cyber in Hiscox, said: “No company, as small, can afford to underestimate the devastating impact that a cyber attack may have.
“Cyberattacks do not only disturb daily operations; They can threaten the very survival of a business.
“Financial fallout, fines paralyzing with lost or rising customers, can even push the most resilient activities on the edge.
Please use Chrome Browser for a more accessible video player
Inside Factory affected by Jaguar Land Rover Shutdown
JLR would have been in the process of Finalize an insurance policy To cover cyber loss when it was targeted at the end of August.
The company is already faced with an invoice estimated at 200 million pounds sterling in loss of production.
Henry Green, co-founder of the assured cyber-assurance broker, said policies should reflect real financial risk levels, or they were useless.
“For coverage of 300 to 500 million pounds sterling, JLR would have considered a bonus around 5 million pounds sterling with at least an excess of 10 million pounds sterling,” he said.
The costs of policies that cover all the losses in the event of cybercrime will exceed many companies, although the cyber-assurance market increases beyond the main employers.
This is due in part to the very public impact of the disruption of M&S, increased warnings on preparation and increased competition in the insurance service.
Please use Chrome Browser for a more accessible video player
Four stops on M&S cyber attacks, cooperative and Harrods
The Imarc research specialist says the market was worth 521 million pounds Sterling last year and is expected to exceed 2.4 billion pounds sterling by 2033.
M&S estimated at least 300 million pounds sterling in the attack on ransomware against his business in mid-April.
But the retailer, who would have largely paid his attackers, expects to scratch most of this sum thanks to his insurance policies.
Find out more Sky News:
EA video game manufacturer in record buyers
Reeves does not reduce budgetary speculation
Mr. Lamb, who urged investment in protections, added: “Cybercriminals are now much more focused on theft of sensitive commercial data – things like contracts, executive e -mails, finances and intellectual property – because it is easier to monetize than personal information.
“Once stolen, they request payment to avoid public exposure, threats of pricing based on reputation damage.
“This change has exposed gaps in data loss prevention checks of certain companies, which attackers easily exploit.”