Ransomware is now the most likely cyber threat to UK businesses, with a quarter of all major cyber attacks involving an attempt to make businesses pay a ransom to get their data back, according to City-headquartered law firm, RPC.
RPC has released data analysing more than 50 cyber breaches significant enough to involve a notification to the business’ insurer, and which have been notified to its award-winning ReSecure cyber incident response service over the past 18 months.
>See also: Ransomware still in the system despite eradication?
In the report, RPC said that this is consistent with other industry sources which suggest a rise in the use of ransomware, in which cyber-criminals encrypt access to data, and threaten to make it inaccessible if the owner does not pay a ransom. The ransom is often demanded in crypto-currencies such as Bitcoin, making tracking the criminals virtually impossible.
Highly publicised ransomware attacks including the ‘WannaCry’ and ‘Petya’ attacks have recently targeted organisations across the globe. WannaCry was reported to have infected more than 230,000 computers in over 150 countries in May 2017, with organisations affected including the NHS, FedEx, Honda, Renault and the Russian Interior Ministry.
Other forms of malware, mainly those permitting unauthorised access to users’ systems, were the second most common form of cyber-attack in the past year, based on RPC’s data, making up 17% of the total.
>See also: The global ransomware attack a cyber wake-up call
Hacking, in which an individual accesses a network manually, or using malware tools, after breaching security systems, made up 15% of breaches.
The firm says that as well as taking preventative steps to avoid suffering a ransomware attack, it is important that businesses of all sizes, particularly those that handle sensitive data, have specialist cyber risk insurance in place.
Richard Breavington, Partner at RPC, comments: “Ransomware attacks are now hitting British businesses of every size on a daily basis, and the effects of such an attack can be business-critical.”
“Cyber criminals from across the world are actively targeting UK businesses. The scale of the problem is such that even the best prepared businesses can have vulnerabilities and it is important that they ensure that they are prepared for the worst. This is now costing businesses billions of pounds a year.”
>See also: The cyber threat to UK businesses – NCSC and NCA report
“It’s absolutely critical that any business which has a substantial reliance on IT has comprehensive cyber insurance in place – the losses stemming from a cyber breach can quickly become very significant. The position will only become more acute from May 2018, when the General Data Protection Regulation will impose additional regulatory burdens and penalties on firms handling personal data.”
Insurance against these types of breaches is one of the fastest growing segments of the insurance industry. Data breach services such as ReSecure, provided through RPC, can help to limit the financial and reputational exposures of companies if they become the victim of an attack.