- Hiscox study reveals that most companies that pay ransoms do not recover their complete data
- Victims also suffer reputational damage
- Many companies report the loss of customers and business partners.
As ransomware attacks become more common, a company’s response can be crucial to recovery and mitigating the damage of the attack.
A new Hiscox study has revealed a good reason not to pay attackers: in the vast majority of cases, even when a ransom is paid, companies do not recover their information.
The company found that only 7% of companies recovered their data in full, and in fact, 1 in 10 of the companies that paid the ransom still had their data leaked.
Reputations to rescue
Aside from the obvious impacts of financial loss and stress for those involved, ransomware attacks also affect the reputation of the businesses that fall victim.
The study found that among those who suffered a ransomware attack in the last 12 months, a staggering 47% reported increased difficulty attracting new customers and 43% lost customers.
“Hackers demand ransom for their reputation, and no business is too small to be at risk,” said Alana Muir, head of cyber at Hiscox UK.
Most businesses are concerned about this too: 61% of organizations believe reputational damage from a cyberattack would “significantly harm” their business.
In 2024, the survey found that more than a third (38%) of companies that were victims of a cyberattack also suffered bad publicity resulting in damage to brand reputation, and 21% also lost business partners, which demonstrates how damaging attacks can be, even further afield. the attack itself.
The news comes shortly after the UK Government opened a consultation to consider banning ransom payments by public institutions in the event of a ransomware attack, in an effort to make critical infrastructure less of a target. attractive and disrupt criminals’ sources of income.
