A new report states that more than three-quarters (77%) of organisations with cyber insurance were hit by at least one successful ransomware attack in the past 12 months, compared to 65% of organisations without cyber insurance.
“This could mean cybercriminals are more likely to target organisations with insurance, in the belief that the insurers will be willing to cover the ransom cost to speed up recovery,” states the 2023 Ransomware Insights report from IT security firm Barracuda.
The report adds that while cyber insurance companies can help negotiate ransom payments, or even provide the funds for the payment, multiple exclusions within their policies often mean companies will still face a very large bill.
More than a quarter (27%) of the organisations who took part in the survey say they are not fully prepared to deal with a ransomware attack.
When it comes to financial services firms, researchers found that:
- 29% had suffered one attack
- 35% had been attacked twice
- 11% had experience three or more attacks
The report’s authors conclude that repeat victims are more likely to pay the ransom to recover encrypted data.
“A successful ransomware attack will usually encrypt valuable data within an organisation,” say the authors.
“A full 95% of surveyed organisations that have experienced a successful ransomware attack in the last 12 months reported that their data was encrypted (by the attacker), causing major disruption to their business.
“Overall, only 1% lost the encrypted data, 34% chose to pay the ransom, and 52% used their backup systems to get the data back.”For 69% of organisations, ransomware attacks started with a malicious email, and for slightly larger companies with more than 250 employees, the percentage is higher than average (75%).
Appropriate measures have been taken to mitigate the impact of a cyber attack on my advice business
- Agree (78%)
- Not sure (17%)
- Disagree (6%)
Loading ...See our report: Three Stages of Cyber Security
“Since 2019, we’ve seen some very high-profile ransomware attacks that have resulted in significant financial losses,” states the report.
“The extensive publicity surrounding these attacks likely resulted in many organisations investing in their security and preparing for potential ransomware attacks.”
Survey participants were from the US, Australia, India, and Europe.