Ransomware on the Rise (Again)


Ransomware has been a key issue for UK business for several years now and we have seen the landscape change from high volume attacks asking for relatively small ransom demands to a strategy which has seen the number of demands plateauing, but the amounts being demanded from companies that have been successfully penetrated increasing dramatically.

Ransomware on the Rise (Again)

Ransomware and the Russia-Ukraine War

During 2022 ransomware attacks appeared to have slowed down somewhat, probably as a consequence of the Russia-Ukraine conflict (as many of the groups historically involved in the proliferation of such attacks were based in these areas). However, cyber security experts and insurers are now reporting that during Q1 2023, ransomware is once again on the rise.

March 2023 increase in cyber attacks

According to the NCC Group’s March 2023 report:

  • Ransomware victims continued to rise with the highest of any month in the last three years
  • February to March 2023 exhibited a 91% increase (240 attacks to 459) and a 62% increase, year-on-year
  • Industrials remain the top affected sector

When considering cyber incidents, the perpetrators of this type of crime are not teenagers sitting in their bedrooms at home typing on a keyboard - they are multi-million pound businesses running very sophisticated software attempting many attacks against random targets simultaneously.

Questions to ask

Therefore, businesses should ask themselves how they would respond to a ransomware attack. Indeed, the first question they should consider is whether they have the expertise, and the second question is do they have the financial resource to deal with any kind of Cyber Incident in the first place? If the answer is “No” to either of these questions, then they should consider offsetting the risk to a specialist insurer.

Choosing your cyber cover

In terms of insuring against cyber risks, it is important that consideration is given to choosing a broker that truly understands the covers available and that businesses look at the depth of the cover available rather than simply the lowest premium available.  The ransomware limit available under the policy is therefore a very important element of the cover to consider.

This expertise will provide clear advice, particularly around onerous conditions which are prevalent with several insurers. It is no good having a policy if this won’t pay out in the event of a loss due to a simple breach of a condition which could have been avoided had the business received better advice.

One area that many businesses fail to consider is setting an appropriate indemnity period to cover the financial shortfall that an incident can trigger.  Some insurers offer extremely limited indemnity periods, it is therefore important that businesses engage with brokers that have good product knowledge and work with insurers providing good cover options.

Another area businesses should consider in terms of a cyber incident is how long will the effect be on the business, and the impact on the revenue / bottom-line. Whilst the actual costs of a cyber incident can be determined post-breach, the impact on the financial situation can continue for some time afterwards and may be less obvious as are any potential costs which may arise out of subsequent regulatory issues arising.

It is critical that businesses receive best advice around cyber security, risk management and the cover available to protect themselves against a severe threat that is again on the increase.