Two-fifths of UK firms have been hit by ransomware over the past year, and although they were the least likely to pay a ransom globally, those that did paid out some of the highest sums, according to CrowdStrike.
The security vendor polled 2200 senior IT decision makers and IT security professionals globally, including 200 in the UK, to compile its 2020 Global Security Attitude Survey.
The large numbers infected by ransomware over the past year could be a result of the pandemic, which has created security gaps as organizations focused on digital transformation to support remote workers.
In fact, 63% of UK respondents agreed that they’re at greater risk of attack due to the crisis. The average time UK organizations take to detect a security incident rose 56% compared with 2019, to 61 hours, giving attackers a bigger head start.
It’s also notable that nearly half (48%) of UK respondents said COVID-19 has accelerated their digital plans by six months, the third highest in Europe. These efforts can also expand the corporate attack surface, especially when only a fifth (21%) said they had modernized their security tools accordingly.
The good news is that just 13% of attacked firms in the UK pay a ransom, the lowest of any country and less than half the global average (27%).
CrowdStrike’s EMEA CTO, Zeki Turedi, claimed this may be a reflection of the improved incident response capabilities of British firms.
“In the UK, we have a very mature process when it comes to handling cyber-incidents,” he told Infosecurity.
“Companies are more likely to contact their insurance provider or legal team who will work with a pre-approved incident response company to help them investigate and remediate the threat.”
However, the average ransom paid by British firms was £940,000, significantly more than in France (£560,000), Germany (£800,000) and Italy (£300,000).
This could be a reflection of the relative wealth of these victim companies, or the growing trend for attackers to steal sensitive corporate data whilst encrypting files.
“E-crime actors have started using data extortion as part of their tactics. One example is PINCHY SPIDER, which will extort confidential and sensitive information before deploying REvil. Recently we have also seen the same actor auction off stolen information in cases when they could not retrieve payment,” continued Turedi.
“The thinking and approach to ransomware has to change. It is no longer just about being able to recover from an attack, but making sure it does not happen in the first place.”
The full report can be found here.