Cohesity Research finds UK organisations at risk of increased ransomware by rewarding criminal gangs

Cyber resilience research commissioned by Cohesity, a leader in AI-driven data security, reveals the true cost of ransomware to finances and operations, and why overconfidence may be the culprit. The Cohesity Global Cyber Resilience Report 2024 surveyed more than 3,100 IT and security decision makers in eight countries about the impact of cybercrime and their ability to resist attacks, revealing a rise in threats and a trend toward ransom payments.

95% of UK respondents said cyberattacks are on the rise, a fact supported by over half of UK respondents (53%) reporting a ransomware attack in 2023. This is a sharp increase from the 38% of UK respondents who reported a ransomware attack the year before. 74% of UK respondents surveyed said they would pay a ransom to recover their data following an attack, with 59% of UK respondents having paid the ransom the year before. Only 7% of UK respondents ruled it out, despite 2 in 3 (66%) having clear rules not to pay.

The willingness to pay the ransom highlights a mix of ignorance and overconfidence about recovering from a ransomware attack: 71% of respondents in the UK are confident in their company’s cyber resilience strategy and its ability to address today’s increasing cyber challenges and threats. However, recovering from ransomware is significantly more difficult than paying the ransom and assuming your data will simply be decrypted and restored. This dichotomy raises the question: are respondents’ cyber resilience and recovery plans really fit for purpose?

“Once again, we’re seeing a disconnect between expectation and reality when it comes to recovering from a cyberattack,” said James Blake, Global Head of Cyber Resiliency Strategy at Cohesity. “We live in a ‘when’ rather than ‘if’ world, and it seems many IT and security professionals are confident that they can only recover data if they pay the ransom. Paying the ransom rarely results in the recovery of all data. It comes with its own logistical challenges and potential criminal liability for paying sanctioned entities — not to mention rewarding criminals. It’s time to truly focus on resilience and break the cycle.”

Cost of Ransomware

The costs can be staggering: UK respondents paid an average of £870,000, and two respondents paid between £10 million and £20 million. Globally, Cohesity’s data shows that 5% of businesses paid more than £10 million, with one organisation surveyed admitting to paying more than £20 million in ransom. Chainalysis has estimated that ransom payments would reach at least $1.1 billion in Bitcoin by 2023.

The problem isn’t limited to the UK. In fact, the UK is well below the global average. Cohesity’s global data revealed that 67% of respondents had fallen victim to a ransomware attack in the past 12 months, with France being the hardest hit with 86% of respondents. Globally, a whopping 83% would pay the ransom – again, France was the highest, with 97% of respondents admitting they would pay. Interestingly, the data shows a clear correlation between countries that would pay the ransom and those reporting the most incidents of ransomware attacks and an increase in cyber threats.

Consequences of paying the ransom

The trend towards increasing reliance on ransom payments also highlights a worrying lack of awareness about the long-term effects of rewarding criminal gangs and the immediate recovery of data following a ransomware attack.

By allowing gangs to profit from their crimes, you are only making the problem worse. Ransomware becomes a form of commerce, attracting more players and allowing for investment in resources, increasing the threat.

Data also shows that only 4% of respondents recover all of their data, while the value of the recovered data is a complete lottery. Likewise, it is a logistical nightmare, because the distribution of keys by the ransomware gangs is a rushed, haphazard process that was never designed for quality and reliability. Organisations often take months to recover and may leave vulnerabilities unpatched, keeping a backdoor open for further ransomware attacks. Not only this, but making payments can be illegal in some cases and often voids insurance policies, while being completely unethical.

Cyber resilience – defined as a business’s ability to recover its data and restore business processes following a cyberattack – remains a clear challenge, with less than 2% of respondents able to recover data and restore business processes within 24 hours; 1 in 4 (23%) able to recover within 1-3 days; while 19% need anywhere from 3 weeks to 2 months. This highlights a further failure to adequately test security and recovery: only 70% of UK organisations surveyed had stress tested their data security, management and recovery processes in the past 12 months, compared to a global average of 87%.

“Cyber resilience is critical because the incentive and motivation of attackers are so high, with attack surfaces that are incredibly large, so a reliance on protective controls is unrealistic,” said James Blake. “Destructive cyber attacks severely disrupt an organization’s ability to deliver its products and services, impacting revenue, reputation, their downstream supply chain and customer trust. This risk must be at the forefront of the priorities of business leaders, not just IT and security leaders. Similarly, regulation and legislation should not be viewed by businesses as the ‘ceiling’ but instead as the ‘floor’, both when developing cyber resilience and when adopting data protection or recovery capabilities.”
