Cybercriminals are becoming more aggressive, a recent report reveals. The report shows that cybercrime gangs are using even more sophisticated ransomware to extort millions from firms across the UK.
The average ransomware demand has also increased by 518% from $847,000 in 2020, to around $5.3 million in 2021, with the highest single demand sitting at $50 million. Ransomware payments have also increased by 82% since 2020 to a record $570,000 in the first half of 2021.
In response, Hiscox’s Cyber Readiness report shows that businesses are now devoting more resources to the cyber challenge than ever before. The average business surveyed now devotes more than a fifth (21%) of its IT budget to cyber security, a jump of 63%.
The pandemic has also played a part, with almost half of respondents saying they felt their organisation had become more vulnerable to cyber attacks since the start of the pandemic. This rose to 59% among businesses with more than 250 employees. But, there is a lack of knowledge among the smallest businesses surveyed. Just 31% identified the link between cyber vulnerability and Covid-19.
Hiscox’s report also showed that legal services ranked the 6th most exposed sector across 14 industry types against a threat of cyber crime, revealing that low cyber budgets and low implementation of cyber policies across the legal industry make it more exposed than that of the travel and leisure and manufacturing industries.
The Solicitors Regulation Authority (SRA)’s 2020 cyber review also highlighted that 60% of law firms believed that staff were the greatest cyber risk. Respondents felt that inexperienced or disgruntled members of staff could enable a substantial, business-threatening cyber-security breach, often compounded by poor system configuration or design.
To combat this, the SRA reported that firms had generally conducted cyber training with staff members, but disappointingly only 24 out of the 40 surveyed firms had kept records of staff training, which says the report, are “important and help firms to monitor and enforce future training requirements”.
The wider legal industry has responded to the rise in cyber attacks, particularly those involving ransomware, following attacks on Chambers in July, and has published guidance to help firms take precautions and protect against vulnerability.
The Bar Council said of the attacks on Chambers that the incident, “should act as a wake-up call for everyone to check the security of their information networks, and that their critical business interruption plans are up to date and effective”.
Gareth Wharton, CEO of Hiscox, commented:
“The growing prevalence of ransomware should drive home the commercial relevance of good cyber security. Ransomware attacks are not just IT events; they are business-impacting on multiple levels.”
“There is no doubt cyber security is a complex problem, but that doesn’t mean it is unmanageable. Today the risk is too high and too tangible for businesses and individuals to leave it in the ‘too difficult’ bucket. There is a genuine chance that one attack will put the whole business at risk. One-in-six firms targeted in the past year said an attack had threatened the viability of their business.”