A large number of UK organisations have been forced to pay a ransom to cybercriminals in the last 12 months, new research finds. The survey, commissioned by cybersecurity specialist Mimecast, finds that 48% of UK businesses have been affected by ransomware in the past 12 months, with 50% of those organisations affected paying cybercriminals the ransom. This means that almost a quarter (24%) of organisations within the UK have paid a ransom in the last year. The study also finds that 25% of organisations that paid the ransom didn’t recover their stolen data, showing that paying a ransom is fraught with risk.
The research finds that the impact of ransomware on organisations is severe, with 86% of UK businesses affected by ransomware experiencing downtime from the attack and 33% of those reporting that the downtime lasted between two and three days. On top of this, organisations faced other consequences from ransomware including: business disruption (38%), impact to employee productivity (35%) and data loss (29%).
Despite this increased threat of ransomware and the impact that it can have, the study finds that only one in five (19%) of UK organisations are providing their employees with awareness training on an ongoing basis and over a quarter (27%) are only providing awareness training once a year.
Carl Wearn, head of e-crime at Mimecast, said: “These findings highlight how widespread the threat of ransomware is to UK organisations, with multiple threat actor groups developing and utilising it to extort money from unprepared victims. These attacks can have massive ramifications for organisations such as downtime and loss of productivity, which forces many victims to take drastic action and pay the ransom. It isn’t surprising that a company may feel it has no choice but to pay up to regain access to its data, given that the alternative is to go out of business. But every ransom paid rewards the cyber criminals and sends a signal to others that there’s profit to be made, creating a vicious cycle. It is also a massive risk to pay the ransom, because as this study shows it doesn’t always guarantee a return of the stolen data. There have also been instances where cybercriminals have taken the money and then come back to attack the victim at a later date.”
Wearn continued: “It is much better for organisations to invest in their cybersecurity and reduce the risk of attack. The best way to ensure business continuity without being extorted is to implement strong resiliency measures. Ransomware is often a secondary infection, but we have also recently seen it being delivered in volume via encrypted email, which is an increasing threat vector. Individual users can also assist greatly by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks. This is why ongoing awareness training is absolutely vital and something that all organisations should be investing in. In the face of this increasing level of threat to all organisations, cyber-hygiene and user awareness training will be critical to maintaining security.”