Member Article

Ransomware is Costing UK Companies £346 Million Per Annum to their Bottom Line

*Research reveals 40% of mid-large UK businesses suffered on average five ransomware attacks in the last year *

Independent research among UK businesses of 1,000 or more employees reveals that ransomware cost mid to large British businesses £346 million* to their bottom line last year. The independent research by Vanson Bourne revealed 40% of UK companies reported an average of five attacks, costing them individually £329,976 per annum. The research, commissioned by SentinelOne, the pioneer in delivering autonomous AI-powered security was part of an international survey of 500 businesses in the UK, France, Germany and USA which reveals that ransomware is costing individual businesses around the globe an average of £591,238 per annum.

The research, carried out in February 2018 among security and risk professionals responsible for the IT security in their businesses, compared results with a similar survey carried out in 2016. Results show that the overall percentage of companies experiencing ransomware has increased from 48% in 2016 to 56% in 2018, however the average number per year has fallen from six to five attacks. The amount of time spent decrypting ransomware attacks has also increased from 33 to 40 man-hours. The study also reveals that employees are considered the major culprits responsible for introducing the malware into the business - with 1 in 2 respondents blaming them for the infection. This was further supported by the fact that phishing, which seeks to socially engineer employees, was the top attack vector by which ransomware infiltrated the business in 69% of instances.

On a more positive note 92% of security professionals feel confident in their ability to combat ransomware in the future. The biggest reason for their optimism is the move from legacy anti-virus signature-based vendors to next-generation technologies Another notable difference between the 2016 and 2018 research is the likelihood the company will pay the ransom, which has dropped from 40% in 2016 to 32%.

The research reveals significant differences between countries’ responses to ransomware. The UK is the most resolute, both in refusing to pay ransom demands, as well as the most effective in combatting them. They experience the fewest number of attacks: 40%, versus 70% in Germany, 59% in France and 55% in the USA and enjoy a 43% success rate in successfully defending against attacks. However, in the UK, ransom payments have almost disappeared entirely, with just 3% of ransom demands being paid today, against 17% in 2016. British companies also pay the lowest amount of ransoms: those choosing to pay up had spent on average £27,500 in ransoms versus a global average of £34,800 in the last twelve months, down from £45,000 per annum in 2016.

Commenting on the findings Migo Kedem, Director of Product Management at SentinelOne says: “It’s staggering to see the cost to British businesses of £346 million. This figure shows that businesses are becoming increasingly aware that it’s not just the ransom demand, but rather the ancillary costs of downtime, staff time, lost business, as well as the data recovery costs and reputational damage that are the biggest concern to British businesses.”

He adds, “On a more positive note, it’s good to see CISOs feeling more bullish about their ability to tackle ransomware using the latest behavioural AI-based end-point technology. It’s also encouraging to see a clear movement against companies caving in to ransomware demands, preferring instead to take more proactive measure such as back-ups and patching of vulnerable systems. However, the volume of ransomware attacks is still increasing and their speed, scale, sophistication and success in evading detection with the growth in file-less and memory-based malware, explains why ransomware will continue to be a major threat to CISOs in 2018 and beyond.”

This was posted in Bdaily's Members' News section by SentinelOne .