Over a third (36 percent) of companies that paid a ransom to cyber criminals went on to be targeted for a second time, according to the latest Cyber Readiness Report from Hiscox.
In addition, 41 percent of those that paid ransom demands to cyber criminals failed to recover all their data.
The report, based on responses from over 5,000 organizations of all sizes across eight countries, shows that paying a ransom does not always work out the way businesses hope it will. More than 40 percent still had to rebuild their systems, even though they received a recovery key from the hackers. Nearly a third (29 percent) that paid a ransom demand still had data leaked, and 26 percent felt that the attack had a significant financial impact by threatening the solvency and viability of their business, according to Hiscox.
“Ransomware is still the most prevalent and damaging form of cyber attack, and it is not uncommon for a company to be hit multiple times,” said Gareth Wharton, Hiscox Cyber CEO. “Even if a business owner makes the decision to pay the ransom, often they cannot fully restore their systems or prevent a data breach.”
The report found that the industries that were forced to pay a ransom were those with “just-in-time” supply chains: food and drink (62 percent), manufacturing (51 percent) and leisure (50 percent).
The report also shows that the frequency of cyber attacks has increased by 12 percent year-on-year—with 48 percent of businesses suffering an attack in the past 12 months. Of those attacked, 19 percent were victims of ransomware compared to 16 percent in the previous year.
Phishing remains the No. 1 point of entry (62 percent) that hackers use to successfully infiltrate businesses in a ransomware attack. This was closely followed by entry using credential theft (44 percent), a third-party supplier (40 percent), an unpatched server (28 percent) and brute-forcing of credentials, such as password guessing (17 percent).
“It is vital that businesses take the necessary steps to protect their data and systems against a cyber attack: making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training and frequently backing-up data,” Wharton said.
“Our report shows that investing in building robust cyber defenses and preparing an effective response for an attack are more effective than paying cyber criminals. It is revealing that more than a quarter (26 percent) of businesses we surveyed paid a ransom in the hope of recovering their data because they did not have any back-ups, when regular and robust back-up processes can be one of the most effective ways of mitigating the impact of a ransomware attack.”