View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 12, 2018updated 13 Feb 2018 4:27pm

Ransomware downtime costs European SMBs £71 million

The ransomware crisis is ongoing and businesses of all sizes are at risk, legacy anti-virus just does not cut it anymore.

By Tom Ball

A towering sum of £71 million was lost by European SMBs due to ransomware downtime between 2016 and 2017, proving that businesses of all sizes suffer the effects of cybercrime.

The problem is being perpetuated by the fact that these businesses believe the best option in terms of downtime is to pay the ransom, with 21 per cent of SMBs just handing over the money. Crucially, 18 per cent still do not regain data access.

Also adding fuel to the fire of the ransomware problem, less than 33 per cent of attacks are reported to the authorities, this is believed to be out of fear of revealing the breach.

Data protection firm, Datto Inc, is behind these findings, also noting that the average ransom request has been between £350 asnd £1407.

Mark Banfield, SVP at Datto, said: “The impact of ransomware can be threefold. The combined cost of the ransom, downtime and any reputation damage suffered can have a potentially business-threatening effect on a SMB, so there needs be a greater understanding around it. This can be helped by encouraging victims to report attacks. Providing authorities with real-life data that can be used to improve general awareness, prevention, detection and prosecution of perpetrators.”

The report also outlines the driving reasons that ransomware has been so successful, identifying that 45 per cent of respondents stated said a lack of cybersecurity training was to blame, with 42 per cent pointing to phishing emails.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Criminals stashing billions in cryptocurrency – Europol
Internet gang indicted over $530m cybercrime campaign
Mimecast Chief Trust Officer: Revealing the hidden risks of GDPR

“It’s also alarming that a lack of cybersecurity training is cited as a reason for ransomware’s growing effectiveness. Many SMBs take their chances by not even providing basic training, but this simply increases the chances of phishing emails and other social engineering attacks being successful. Businesses must teach employees to identify the red flags,” Banfield said.

Another important revelation made by the report is that 94 per cent of those hit by ransomware had anti-virus software in place, making it clear that legacy forms of protection are no longer viable in defence against today’s threat landscape.

“Defending against ransomware requires a multi-layered cybersecurity strategy. No single defence is enough – as proven by the number of attacks despite antivirus being in place. Cybersecurity training needs to be combined with malware blockers and detectors, with a reliable BDR providing the last line of defence. When SMBs take regular snapshots of networks, they are able to simply spin up systems from a healthy point should a ransomware attack take hold. Critically, this mitigates having to pay the ransom and the downtime suffered from not having access to critical data.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.