Cyber attacks in the UK: you can't resist paying

53% of UK organisations have been victims of attacks in the last year.

Ransomware attacks in the UK have skyrocketed, which may be due to organizations' willingness to pay ransoms, as noted in a new study by Cohesity. As part of the 2024 Global Cyber Resilience Report, experts interviewed more than 3100 IT and security professionals from eight countries, covering various sectors of the economy.

In the UK, 53% of those surveyed reported falling victim to a ransomware attack in the past year, a significant increase from the previous year (38% in 2023). More than half of the affected organizations (59%) admitted to paying the ransom. In addition, 74% of respondents said they were also willing to pay if their system was attacked again. Despite the fact that 66% of UK organizations have clear rules prohibiting the payment of ransom, only 7% of respondents firmly stated that they would not pay extortionists under any circumstances.

At the same time, the UK is no exception. Globally, 67% of respondents have experienced a ransomware attack in the past year, with the figure reaching 86% in France. At the same time, 83% of respondents around the world said they were ready to pay the ransom; in France this figure is even higher, at 97%.

Interestingly, Coveware's research showed a different trend, with only 36% of victims paying the ransom in the second quarter of 2024, well below the maximum of 85% recorded in the first quarter of 2019.

The average amount of payments for organizations in the UK was £870,000. Two companies admitted to paying out amounts in the range of £10 million to £20 million. Globally, 5% of respondents reported payments in excess of £10 million.

The process of recovering from ransomware attacks proves to be extremely slow. Law enforcement and government authorities strongly advise victims not to pay the ransom, as this could encourage further activity by cybercriminal groups. In addition, paying the ransom does not guarantee the recovery of all encrypted data. It should also be remembered that paying the ransom to sanctioned cybercriminal groups is illegal.

Only 4% of affected organizations were able to fully recover data after the attack, and less than 2% recovered data and resumed business processes within 24 hours. About 23% of companies were able to recover within 1-3 days, while 19% said it took three weeks to two months to recover.

James Blake, head of global cyber resilience strategy at Cohesity, highlighted the importance of cyber resilience, noting that the efforts of cybercriminal groups and broad digital attack surfaces make preventive measures impracticable. He noted that destructive cyberattacks significantly affect the ability of organizations to provide their services and products, which affects revenue, reputation, supply chains and customer trust.

Blake also pointed out the importance of business leaders prioritizing cyber resilience. Regulation and legislation, in his opinion, should be considered not as a "ceiling", but as a "floor" for developing cyber resilience and taking measures to protect data and restore business.
