One in six firms paid ransoms to meet the demands of hackers last year, according to the “chilling” findings of a report on cyber crime.
The annual Hiscox Cyber Readiness Report revealed that six per cent of the 5,569 firms polled – and one in six of those attacked – had surrendered by paying out following a cyber attack.
The highest losses for a single firm targeted with a ransom demand hit £40.2 million. The report also showed that total cyber losses surged 50 per cent to nearly £1.4 billion in 2019.
Cyber losses per firm have risen nearly six-fold, from an average of £8,041 a firm to £45,832.
UK firms are now 15 times more likely to suffer a cyber attack than a fire or theft, the report suggests.
It revealed the biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at £71 million.
The report also uncovered that the highest loss from any one cyber event was £12.7 million, involving a UK professional services firm.
It comes after a recent spate of cyber attacks on British firms, with foreign exchange giant Travelex becoming the victim of a high-profile hack at the turn of the year and reportedly paying out £1.8 million in January to the notorious REvil ransomware gang.
The New Year’s Eve attack left its systems down for weeks, forcing the group to resort to pen and paper across its branches.
But while cyber attack losses rose last year, the Hiscox report also showed that firms are increasing their defences against hacks, with spending on cyber security rising 39 per cent.
Gareth Wharton, Hiscox Cyber chief executive, said: “The number of businesses that have paid a ransom following a malware infection is chilling.
“There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending.
“Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.”
The study surveyed companies across the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
Mr Wharton said: “As companies roll out working from home, potentially less secure devices are being connected to corporate networks.
“Rapidly rolled out remote access solutions may lack the thorough security testing that would have taken place in more stable times.”
