For years now, the frequency and severity of ransomware attacks on businesses have only been going in one direction.
In 2015, global ransomware damage costs amounted to $325 million. In just 6 years that figure has grown 57 times over to a whopping $20 billion. By 2031, it’s predicted we could be looking at a global ransomware bill of $265 billion.
Accenture’s Ransomware Response and Recovery report identified a 160% year-on-year increase in ransomware incidents in 2020, with very little sign of easing in the first half of 2021.
Ransomware attacks are where hackers take control of systems and data and then demand a ransom from organisations to have them unlocked again.
But the cost of paying the ransom is usually only the tip of the iceberg. There are other costs related to losing valuable data including service interruption, loss of income, reputational damage, and possible legal and regulatory penalties.
And cyber criminals aren’t just attacking big corporations with the deepest pockets – public sector organisations and education providers are just as much in the line of fire.
Universities and colleges, for example, are now becoming key targets. The National Cyber Security Centre (NCSC) is currently investigating a steady rise in attacks across the higher education sector in the past 12 months.
These institutions store personal data for thousands of students and can also hold highly restricted research material, so a breach to their systems has the potential to be very lucrative for cyber criminals.
Local authorities are regularly getting caught out too. A recent study by Red Scan indicated local authorities reported two data breaches per day in 2020 to the Information Commissioner’s Office (ICO).
The ransomware attack on Hackney Council was probably the most high profile incident in 2020. The breach caused many critical services to close in October and the council was still feeling the impact of the breach back in July 2021 – council workers have been struggling to catch up on the backlog of work the interruption caused and some systems were yet to be fully back up and running.
Strategic Director Rob Miller said it could be as long as a year before technology used to issue payments for housing benefits is back to normal.
This event is a perfect example of the snowball effect ransomware attacks can cause. It’s not just the impact on the organisation itself but the members of the public who can’t access vitally important services. And when it comes to housing benefits, it’s not just a service but a means to survive.
What’s even more concerning about cyber-crime nowadays, is that ‘off the shelf’ tools are allowing criminals with very little technical expertise to commit these crimes. Pre-coded malware and everything else they need to get started are readily available to purchase on the dark web.
So in a world where everyone can now be a potential offender, it’s really no wonder ransomware attacks are showing no sign of slowing down.
Now more than ever, public service providers need to seriously consider cyber insurance as part of their risk management strategy. But there are also some key steps they always need to stay on top of to help protect themselves:
Get the basics right – make sure your cyber security is up to date and promote best practice around the organisation. Simple things like using complex passwords and limiting the number of people who have access to sensitive accounts go a long way to making your systems harder to breach.
Keep reviewing and refreshing your defences – cyber-crime is always changing, so it’s important you regularly review your defence mechanisms. It allows you to stay on top of potential vulnerabilities and better protect your people, systems and sensitive data.
Train your employees – it’s easier for your employees to avoid attacks when they know what they’re looking for. Regular training programmes and awareness campaigns can sure up your defences and make sure everyone’s tuned into potential threats when they happen.
Make sure everyone’s up to speed – everyone in your organisation is a target. Cyber-crime is no longer just a job for the IT department to manage. From legal to communications to senior management and everyone in between – having all of your people on the same page makes you more resilient and better equipped to respond to potential threats.
We can help with cyber cover
At RMP, we’ve partnered with Pen Underwriting on their cyber insurance product and we’d be happy to talk you through the scope of cover in more detail. For more information, you can get in touch with us at: firstname.lastname@example.org.
Published date: 21st September 2021
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority.
Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW.
Registered in England and Wales. Company no. 2989025