Why SMEs Might Be More Exposed to Ransomware Attacks
Encryption ransomware extortion is an increasingly common crime targeting businesses.
When under attack, a business will find its computer network locked by encryption software. This can result in employees unable to access the network, and customers or users unable to access the company's website.
The attackers demand ransom in exchange for decrypting the network, and often threaten to destroy data if the ransom is not paid.
Small and medium sized businesses (SMEs) are most commonly the victim of such attacks. Yet only around 16% of UK SMEs have bought a specific cyber insurance policy, according to the UK government's Cyber Security Breaches Survey 2020 — compared with 21% of large companies.
Cyber criminals often view SMEs as a soft target, due to their fewer resources to fight cyber-attacks and feeling less at risk – reflected in their lower uptake of cyber insurance.
SMEs can also be more exposed because attacks frequently occur overnight or on weekends, when the company network is monitored less and intruders have more time to install malicious software.
The ransom demanded in an attack may only amount to hundreds of pounds — although some run into tens of millions — but secondary costs are usually much larger, and often depend on the efficacy of the victim’s response.
Business interruption is usually the largest and most identifiable cost. Common estimates put business interruption losses a typically around five to ten times the ransom demanded, although they can run into millions of pounds.
In some sophisticated ransomware attacks, cyber criminals penetrate the network to steal an organisation’s data before demanding a ransom is paid, or risk seeing the data leaked publicly.
This type of data loss can result in millions of pounds in fines. Losing data could also deter customers from using or recommending the company.
If data was lost due to a ransomware attack, regulators would likely look more favourably at a company that purchased cyber insurance, as it shows more proactive risk management.