Hiscox: 40% of ransom payments fail to recover data

Around 40% of companies that paid a ransom to cybercriminals failed to recover all their data, according to new data produced by Hiscox.

The figures will give hacking victims pause for thought before they make a payment to hackers.

The Hiscox Cyber Readiness Report, which is based on the views of over 5,000 organisations of all sizes across eight countries, found that, of those businesses that did pay, 43% still had to rebuild their systems, even though they received a recovery key from the hackers. 

Nearly a third (29%) who paid a ransom demand still had data leaked, and over a quarter (26%) felt that the attack had a significant financial impact by threatening the solvency and viability of their business.

The survey also found that 36% of companies that paid a ransom were subsequently targeted by cyber criminals a second time. 

“Ransomware is still the most prevalent and damaging form of cyber attack and it is not uncommon for a company to be hit multiple times,” said Gareth Wharton, Hiscox cyber chief executive. “Even if a business owner makes the decision to pay the ransom, often they cannot fully restore their systems or prevent a data breach.

“That is why it is vital that businesses take the necessary steps to protect their data and systems against a cyber attack; making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training, and frequently backing-up data.”

Hiscox’s report also shows that the frequency of cyber attacks has increased by 12% year-on-year – with almost half of businesses suffering an attack in the past 12 months.  

Of those attacked, 19% were victims of ransomware, compared to 16% in the previous year.

The Hiscox report also reveals that phishing remains the number one point of entry (62%) through which hackers successfully infiltrate businesses in a ransomware attack. This was closely followed by entry using credential theft (44%), a third-party supplier (40%), an unpatched server (28%), and brute-forced credentials, such as password guessing (17%).
