Most ransomware victims pay up - with mixed results

The vast majority of companies hit by ransomware attacks over the past year have paid up, according to an insurance specialist's report that warns of mixed outcomes for those who do.

Business-to-home insurer Hiscox released its annual Cyber Readiness Report against a backdrop of concern over a series of cyber attacks on high profile names over the past six months, including Marks and Spencer, the Co-op and Jaguar Land Rover (JLR). The carmaker has been handed a £1.5bn loan guarantee by the government to help shield its vast supply chain, including many small firms, from the impact of a month-long shutdown of its factories.

While some have already laid off staff - a fraction of the 200,000 people employed among suppliers - many victims of hackers are small and medium-sized businesses (SMEs) that would not attract such financial support by themselves. There are no lengths to which cyber criminals will stoop - with hackers just last week threatening to release the personal data of children in the care of a nursery chain.

Hiscox said 27% of the 5,750 SMEs surveyed had been targeted with ransomware over the last 12 months. Of those, 80% had paid a ransom.

But Hiscox added that only 60% of those companies had successfully recovered all or part of their data after making a payment. Almost a third of the firms to have paid a ransom were met with demands for more money, it said.

Attacks 'threaten survival' of firms The wider findings of the study showed that almost 60% of the companies surveyed had experienced a cyber attack in the period, with many blaming artificial intelligence vulnerabilities for leaving them exposed. Many faced substantial fines for failures to adequately protect data and the findings also showed hits to not only bottom lines but reputations and orders too.

Eddie Lamb, global head of cyber at Hiscox, said: "No business, however small, can afford to underestimate the devastating impact a cyber-attack can have. "Cyber attacks don't just disrupt day-to-day operations; they can threaten the very survival of a business.

"The financial fall-out, from crippling fines to lost customers or soaring costs, can push even the most resilient business to the brink. On top of this, the stress and long hours required to recover can impact staff morale and even lead to burnout." JLR was reportedly in the process of finalising an insurance policy to cover cyber disruption when it was targeted at the end of August.

The company is already facing an estimated bill of £200m from lost production. Henry Green, co-founder of the cyber insurance broker Assured, said policies had to reflect true levels of financial risk, or they were pointless.

"For £300-500m cover, JLR would have been looking at a circa £5m premium with at least a £10m excess," he said. The costs of policies which cover all losses in the event of a cyber crime will be far beyond many firms, though the cyber insurance market is growing beyond major employers.

That is partly due to the very public impact of disruption to the likes of M&S, heightened warnings over preparedness and increased competition in insurance provision. The research specialist imarc says the market was worth £521m last year and expected to top £2.4bn by 2033.

M&S has estimated a hit of at least £300m from the ransomware attack on its business in mid-April. But the retailer, which is widely believed to have paid off its attackers, expects to claw the bulk of that sum back through its insurance policies.

Read more from Sky News:Video game maker EA in record buyoutReeves fails to quell budget speculation Mr Lamb, who urged investment in protections, added: "Cyber criminals are now much more focused on stealing sensitive business data – things like contracts, executive emails, financials, and intellectual property – because it’s easier to monetise than personal information. "Once stolen, they demand payment to avoid public exposure, pricing threats based on reputational damage.

"This change has exposed gaps in some companies’ data loss prevention controls, which attackers are readily exploiting.".