UK firms reluctant to report ransomware incidents, says study

A recent report by Illumio indicates a significant reluctance among UK organisations to report ransomware incidents, with 73% hesitating to involve law enforcement.

The study, conducted by the Ponemon Institute and sponsored by Illumio, highlights the disruption and financial losses caused by ransomware attacks on UK businesses. It reveals that 62% of UK companies faced operational shutdowns following such incidents. Additionally, 41% reported a loss of customers, 37% were forced to eliminate jobs, and 34% experienced considerable revenue losses.

The report, titled "The Global Cost of Ransomware Study," examines how ransomware is affecting businesses and what strategies are being employed to mitigate these threats. Notably, 23% of critical systems have been impacted, resulting in an average downtime of 12 hours.

Containment and remediation efforts demand significant resources, with the report indicating an average deployment of 18.8 people working 126 hours each to manage a ransomware incident. Additionally, 36% of organisations cited substantial brand damage post-attack, surpassing costs related to legal and regulatory repercussions.

One of the study's critical findings is that investments in resilience measures are lacking, with 48% of respondents acknowledging an inability to swiftly identify and contain attacks. Only 35% have adopted microsegmentation, considered crucial for preventing breach spread.

Trevor Dearing, Director of Critical Infrastructure at Illumio, commented: "Ransomware is more pervasive and impactful than ever, but not all attacks need result in the suspension of operations or major business failure. Organisations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems should be non-negotiable. By containing attacks at the point of entry, organisations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage."

Despite efforts to bolster ransomware defences, vulnerabilities remain, particularly in cloud and hybrid environments. The report notes that these areas are considered most susceptible, with 34% of respondents citing visibility challenges as a significant barrier to incident response.

End-user devices, such as desktops and laptops, are frequently targeted, with 65% experiencing compromise. Phishing and software vulnerabilities serve as primary entry points. Furthermore, 56% of attacks were able to propagate across networks, often through weak passwords (53%), cached credential exploitation (28%), and unpatched systems (43%).

UK organisations allocate around 19% of their IT budgets to personnel and technology focused on ransomware protection, a figure reported to be less than other countries. Despite 81% experiencing attacks, 48% of respondents maintain confidence in their security measures.

However, the expectation that a full backup provides sufficient defence is proving unreliable. Only 14% of surveyed organisations were able to recover all affected data post-attack, highlighting a disconnect between confidence and practical recovery outcomes.

A further issue identified in the report is the reluctance to report ransomware incidents, with 73% of affected organisations refraining from notifying law enforcement. Concerns about publicising incidents (43%), payment deadlines (40%), and fear of retaliation (36%) were frequently cited reasons.

Regarding the human element, only 40% of respondents trust their employees to recognise social engineering, and insider negligence is a noted challenge during ransomware responses.

The adoption of artificial intelligence (AI) in fighting ransomware is also sluggish, with only 40% utilising AI specifically for this purpose, although 46% expressed concern over potential AI-generated ransomware threats.