UK Ransomware 2022 Update

Sophos Ransomware UK Report 2022

State of cyber security risks impacting UK businesses

As the ongoing threats continue and evolve, ransomware continues to be one of the more prominent challenges to businesses. Information Solutions as a Sophos partner has reviewed their latest report on how this is impacted particularly UK organisations.

Here are the findings:

57% of UK organizations were hit by ransomware in the last year

The results show a considerable increase from the 35% that reported an attack in 2020. Globally, 66% of those surveyed experienced a ransomware attack, compared to 37% in 2020.

This illustrates the rate of attacks continue to increase both within the UK and globally and details show the attempts continue to vary in complexity. The data has also shown a change in targets with smaller businesses becoming more common victims. This is likely due to the perceived smaller scale of security and training in place leading to being considered easier to impact at scale.  

57% of attacks resulted in data being encrypted

This means of those organisations affected, 57% had their data access removed due to encryption set by the attacker. Still considerable, but slightly lower than the global average of 65%. 100% of those whose data was encrypted, did get some of the data back but the UK on average recovered far less data overall that seen globally.

Backups are the top method for restoring data of which 81% of UK businesses used to recover. The scale of backup and frequency of backup creation was in part recognised as a contributor to limited volume of data recovery.

40% of those affected chose to pay the ransom

However, of the organisations that paid the ransom the data retrieved equated to on average just 56% of what was once stored. Globally this was marginally higher at 61%. This illustrates that though ransom payment can be moderately effective, investing in a more robust backup protocol and multiple recovery methods in parallel is the more effective action.

Of the UK organisations who disclosed the ransom amount, the average demand costs equated to £138,000.

Total cost of recovery in 2021 for UK businesses effected was in excess £890,000

This value is not the cost of the ransom itself, but for the resource, tools, and time to recover from an attack. Any attack will likely cause disruption to any organisation of any size. 93% of organisations confirmed the attack impacted their ability to operate with the average time to recover equating to one month.

Such disruption to operations also led to 87% of those attacked reporting a loss of business and/or revenue until recovered.

77% of UK organisations have now invested in cyber insurance

The effects and scale of ransomware has now become so impactful, organisations are even investing in cyber insurance – a new product to cover many of the risks, effects and impacts of a cyber-attack including ransomware. Such policies due to the scale of risk increasing are likely to become a further financial burden to businesses but are also driving the need for organisations to invest in better cyber security investments.

As with any insurance provider, there is a benchmark of measures and experience considered for any policy which in turn, is driving investment in data security.

What can your organisation do to face the challenges of ransomware?

As the challenges continue to growth both in the UK and globally to cyber security, it is essential for all organisations to seek to optimise their security digitally and through training. Here are the top tips from Sophos:

  • Invest in high quality defences across all business environments. Review your security controls regularly and ensure they still meet your needs.
  • Be proactive. Don’t wait for an attack to happen, seek out threats and implement preventative measures. If your organisation does not have the resource to sufficiently do this, consider outsourcing to a specialist.
  • Identify vulnerabilities and act on them. Unpatched or out of date software, unprotected machines and other security gaps will leave you open to attack. A detection process such as Remote Monitoring and Management software can help identify and act promptly.
  • Create backups and a robust process to create and restore them. The goal of this will be to minimise disruption which as seen in the report was one of the most effective steps should an attack occur. This will also help support your disaster recovery plan – another essential tool for any business.
  • Prepare for the worst – an attack is still likely but having a clear plan on what to do and who to contact which is reviewed regularly is an essential tool for recovery.

Best Practice Guidance

In addition to operational based actions outlined by the Sophos report, we understand it can be challenging to understand what is considered best practice and value. Information Solutions also advise the following to further support your cyber security needs across the organisation which are applicable regardless of scale.

Benchmark your data security with Cyber Essentials

Cyber Essentials certification is a nationally recognised accreditation for data security for any organisation. Providing a clear outline of benchmarks, best practice guidelines, policy and procedure considerations and empowering through identifying tools and techniques it helps ensure your organisation security is optimised.

Information Solutions can help you navigate how to achieve this and support any procurement needs.

Most importantly, it’s a group effort – train and test your team

The threat and means of attack continue to increase as do the methods to exploit. You may know how to identify attack attempts and what to do should they occur, but does your team?

Phishing emails for example continues to be one of the biggest contributors to vulnerabilities and though simple in nature, are most often due to at least one individual not recognising a potentially malicious email. Information Solutions can help you with a real time testing to both help your organisation recognise such risks, but also what to do when identifying the risk.

Speak to the team for further advice or a free quote: