SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
UK businesses defy policies to pay ransomware attacks at alarming rate
Wed, 31st Jan 2024

A shocking 97% of UK businesses have paid ransoms following ransomware attacks in the past two years, in spite of having policies against such actions. This alarming statistic is revealed in the latest research by Cohesity, an appointed authority in AI-powered data security and management.

The research analysed responses from more than 900 IT and Security leaders across the US, UK, and Australia. It found that a vast majority of companies are paying off cybercriminals, violating their own 'do not pay' policies. This lays bare the 'when, not if' reality of cyberattacks that modern businesses are grappling with.

Between June and December, 83% of companies fell prey to ransomware attacks. The study further reveals that as many as 95% of respondents foresee a significant escalation in the threat of cyberattacks in 2024 compared to 2023. Additionally, nearly three quarters (73%) of companies are willing to part with over £2.4 million if it means recovering their lost data and restoring business processes.

This crisis exposes wide gaps in firms' ability to achieve the recovery times needed to avoid serious disruption. James Blake, Global Head of Cyber Resiliency GTM Strategy at Cohesity, sheds light on this. He says, "The figures in the survey show huge deficiencies in an organisation's ability to achieve the required recovery times to avoid significant disruption." He also highlighted that paying off a ransomware attack often results in some degree of data loss.

The research also highlights the need for accountability at the executive level for data security risks and attacks. Only 31% of respondents reported that their senior and executive management fully comprehend the intense risks and daily challenges surrounding data protection, security, recovery, and management. Responses point towards the leading concerns about successful data breaches or cyberattacks being brand and reputational damage, long-term operational outcomes, projects, a direct hit to revenue, and a loss of stakeholder trust.

Sanjay Poonen, CEO and president of Cohesity, emphasised the necessity of cyber resilience and data security for organisations. He stated that the impact of a successful cyberattack or data breach on business continuity, revenue, brand reputation, and trust "is enough to keep all business, IT, and Security leaders awake at night."

The study further finds that despite concerted efforts from governments and public institutions to enforce cyber resilience and data security best practices, 46% of respondents said that these measures only partly influence their data security and management directives. Among the influences noted, the National Data Strategy (NDS), Consumer Data Right (CDR), the Data Protection Act 2018, and UK Cloud Security Principles were the most impactful.