One in six firms met the demands of hackers last year by paying out ransoms, according to the “chilling” findings of a report on cyber crime.
The annual Hiscox Cyber Readiness Report revealed that 6% of the 5,569 firms polled – and one in six of those attacked – had surrendered by paying a ransom following a cyber attack.
The highest losses for a single firm targeted with ransomware hit 50 million US dollars (£40.2 million).
The report also showed that total cyber losses surged 50% to nearly 1.8 billion dollars (£1.4 billion) in 2019.
Cyber losses per firm have risen nearly six-fold, from an average of 10,000 dollars (£8,041) a firm to 57,000 dollars (£45,832).
UK firms are now 15 times more likely to suffer a cyber attack than a fire or theft, the report suggests.
It revealed the biggest reported cyber loss among firms in the eight countries surveyed was suffered by a UK financial services firm, at 87.9 million dollars (£71 million).
The report also found the highest loss from any one cyber event was 15.8 million dollars (£12.7 million), involving a UK professional services firm.
It comes after a recent spate of cyber attacks on British firms, with foreign exchange giant Travelex becoming the victim of a high-profile hack at the turn of the year and reportedly paying out 2.3 million dollars (£1.8 million) in January to the notorious REvil ransomware gang.
The New Year’s Eve attack left its systems down for weeks, forcing the group to resort to pen and paper across its branches.
But while cyber attack losses rose last year, the Hiscox report also showed that firms are upping their defences against hacks, with spending on cyber security rising 39%.
And the proportion of businesses targeted by cyber criminals fell from 61% to 39%.
Gareth Wharton, Hiscox Cyber chief executive, said: “The number of businesses that have paid a ransom following a malware infection is chilling.
“There is, however, one very positive message from this year’s report – there is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending.
“Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.”
The study surveyed companies across the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.
It found average spending in the UK rose from just under 900,000 US dollars (£724,000) last year to 1.5 million US dollars (£1.2 million).
Hiscox also warned there were new cyber threats emerging from the coronavirus crisis, with a ramp-up in so-called phishing scams and as staff and companies are leaving themselves vulnerable due to less-secure home working computers.
Mr Wharton said: “As companies roll out working from home, potentially less secure devices are being connected to corporate networks.
“Rapidly rolled out remote access solutions may lack the thorough security testing that would have taken place in more stable times.”