- Hiscox research shows that most companies that pay ransoms do not get their data back in full
- Victims also suffer reputational damage
- Many companies report losing customers and business partners
With ransomware attacks becoming increasingly common, a company’s response can be critical in recovering and mitigating the damage of the attack.
A new study by Hiscox has revealed a good reason not to pay attackers, as in the vast majority of cases, even when a ransom is paid, companies do not get their information back.
The company found that only 7% of companies fully recovered their data β and in fact, 1 in 10 of the companies paying the ransom still had their data leaked.
Call for ransom
Apart from the obvious consequences of financial loss and stress for those involved, ransomware attacks also affect the reputation of companies that fall victim.
The survey found that among those who experienced a ransomware attack in the last 12 months, a staggering 47% reported greater difficulty attracting new customers and 43% have lost customers.
“Hackers hold reputations for ransom – and no business is too small to be at risk,” said Alana Muir, Head of Cyber ββat Hiscox UK.
Most businesses are also concerned about this, with 61% of organizations believing that the reputational damage from a cyber attack would harm their business “significantly”.
By 2024, the study found that over a third (38%) of businesses that fell victim to a cyber attack also suffered bad publicity, resulting in damage to brand reputation, and 21% also lost business partners, showing just how damaging attacks can be be, even beyond the attack itself.
The news comes shortly after the UK government opened a consultation to consider banning the payment of ransoms by public institutions in the event of a ransomware attack, in efforts to make critical infrastructure a less attractive target and to disrupt criminals’ sources of income.
