During the COVID-19 pandemic, small to midsize enterprises (SMEs) have increasingly fallen victim to ransomware attacks. But how are these businesses faring under this growing threat and what steps should they take to prevent themselves from losing data and money in these attacks?
In October 2021, Sir Jeremy Fleming, the head of the UK spy agency GCHQ, disclosed that ransomware attacks on British institutions had doubled over the year. However, it is not just institutions that have been suffering these occurrences. Cyberattacks have been a growing threat for SMEs for years, and these threats have grown during the COVID-19 pandemic. Ransomware attacks are increasing too. According to Capterra’s research, 44% of UK SMEs have experienced a ransomware attack since the pandemic started.
Ransomware, used by cyber attackers to lock files and data on a victim’s computer and demand payment for their release, can affect SMEs by:
- Compromising sensitive data
- Causing financial and operational losses
- Affecting reputation
This data comes from our survey of more than 230 IT professionals on their experiences with ransomware attacks before and since the outbreak of COVID-19. We wanted to find out whether SMEs were better prepared to tackle ransomware attacks and learn more about the measures they are deploying to prevent these attacks in the future.
Participants represented small businesses (ranging between 2 and 250 employees) from various industries. Find the detailed methodology at the bottom of this page.
- Ransomware attacks on SMEs have increased since the pandemic
- 59% of businesses who have been victims of ransomware attacks have paid the ransom fee
- 56% of respondents believe that a ransomware attack can be very critical to their business integrity
- 98% of companies surveyed took measures after suffering ransomware attacks
SMEs are increasingly becoming victims of ransomware
With 51% of respondents to our SME survey reporting that their company has faced at least one ransomware attack, the idea that security threats are focused solely on larger enterprises can be dismissed. The results show that small and medium enterprises must also be prepared to counter the threat of ransomware.
Our survey showed that 98% of companies took measures after suffering ransomware attacks, with 53% installing antivirus software. More than half of the respondents (52%) improved the security of their endpoint devices and 43% installed anti-malware software.
Prudent as this is, it also shows that SMEs often act late against these risks, being reactive rather than preventive. This raises the question of whether SMEs are struggling to keep pace with the rapid adoption of digital infrastructure and to deploy the right cybersecurity tools. Reassuringly, only 2% made no change at all after an attack.
COVID-19 has accelerated the risk of ransomware attacks
Before COVID-19, 35% of SMEs had already suffered ransomware attacks. However, our survey shows that there has been an increase in ransomware attacks on smaller businesses since the start of the pandemic, with 44% of respondents suffering attacks during this period. An additional 21% received attacks both before and after the outbreak of COVID-19.
Regardless of whether this is due to a rise in remote communication and digitalised processes, the risk of ransomware attacks has gone beyond affecting larger enterprises to targeting all types of businesses that are now part of the digital landscape. With companies leveraging technology to survive in this new environment, SMEs will need to revise their cybersecurity capabilities and policies to safeguard themselves.
The use of phishing in ransomware attacks
Phishing is the most common type of cyberattack and occurs when you receive a generic email that appears to be from a reputable company but is in fact an attempt to trick you into clicking a link or opening a file. A survey by the National Cyber Security Centre (NCSC) showed that 91% of UK companies experienced at least one successful email-based phishing attack last year, with 84% reporting email-based ransomware attacks.
Staff can be trained to look out for signs of suspicious phishing emails and to report them. They should watch out for:
- Spelling and grammar errors within the text
- Unofficial sender addresses
- Offers or proposals that sound too good to be true
- Suspicious attachments or links
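The checklist above can also be turned into a first-pass triage for a reporting inbox. The following is an added example, not code from the original article: it builds a constructed phishing-style message and checks it for three of the four signs (unofficial sender address, too-good-to-be-true wording, suspicious attachments and links); the organisation's own domain and the lure-word list are assumptions, and spelling errors are left to a dictionary-based tool.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# Assumptions for this example: the organisation's own mail domain and a small lure-word list.
OWN_DOMAINS = {"smallbiz.example"}
LURE_WORDS = ("free", "won", "prize", "reward", "selected", "urgent")
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm", ".iso")

def build_sample() -> str:
    """Constructed phishing-style message used as input here; not a real email."""
    msg = EmailMessage()
    msg["From"] = '"Accounts Payable" <billing@example-invoices.top>'
    msg["Reply-To"] = "collect@mailbox-free.example"
    msg["To"] = "finance@smallbiz.example"
    msg["Subject"] = "URGENT: you have won a free reward"
    msg.set_content("You were selected for a free prize. Open the invoice now:\n"
                    "http://secure-login-portal.example/claim\n")
    msg.add_attachment(b"not a real file", maintype="application",
                       subtype="octet-stream", filename="Invoice_2022.pdf.exe")
    return msg.as_string()

def phishing_indicators(raw: str) -> list:
    """Return the warning signs found in one message, following the staff checklist."""
    msg = message_from_string(raw, policy=default)
    hits = []
    sender_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender_domain not in OWN_DOMAINS:               # unofficial sender address
        hits.append(f"sender domain is not ours: {sender_domain}")
    reply_domain = parseaddr(msg["Reply-To"] or "")[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != sender_domain:  # replies diverted elsewhere
        hits.append(f"Reply-To points to another domain: {reply_domain}")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    lures = [w for w in LURE_WORDS if re.search(rf"\b{w}\b", text, re.I)]
    if len(lures) >= 2:                                 # too good to be true
        hits.append("lure wording: " + ", ".join(lures))
    for part in msg.iter_attachments():                 # suspicious attachments
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT) or name.count(".") > 1:
            hits.append(f"risky attachment: {name}")
    for url in re.findall(r"https?://\S+", text):       # suspicious links
        host = url.split("/")[2].lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            hits.append(f"link host differs from sender domain: {host}")
    return hits
```

Running `phishing_indicators(build_sample())` on the constructed message returns five findings, one for each sign it trips.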
The stakes are high for SMEs
A breakdown of our survey results found that only 2% of the respondents have not taken measures after receiving a ransomware attack. Most of the survey participants told us they feel their company is now ready for hypothetical threats of this kind. Given that the vast majority had implemented changes after being hacked, it may ring true, but the stakes are high for those who are not prepared.
Unfortunately, businesses often give in to an attack. 59% of companies that have been victims of ransomware paid the ransom fee, according to the IT staff surveyed. What is worse, 37% of those who paid “did not get some” or “did not get any” of their data back. But, regardless of whether these companies retrieved their data or not, 93% had to pay more than £8,400 to take that risk. This may not seem much for a larger enterprise but can be a significant amount for smaller businesses.
Some businesses still prefer to take the risk and not pay the ransom. Sometimes it has fared well for them, with 38% deciding to not pay any ransom and still recovering their data. However, for the 3% who lost their data after deciding to not pay the ransom, the outcome was not the best-case scenario.
Among those surveyed who suffered attacks, ransomware caused financial losses that exceeded £42,000 in 77% of cases. Financial losses, however, are only part of the negative outcomes of negotiating or paying ransoms. One in four of all the IT staff surveyed (27%) think that the biggest risk of paying a ransom should an attack occur is that it does not guarantee the data will be released back. The same number fear that giving in to the cyber attacker’s demands will leave their organisation vulnerable to future attacks.
These attacks can be a serious disruption for SMEs. Ransomware attacks can also affect company revenues and continuity, along with having reputational impacts. Whether the cost comes from ransom fees being paid or from losses caused by downtime while the organisation is under attack, businesses need to react quickly whenever they fall victim to ransomware, whatever the day or hour. It is fortunate then that 75% of respondents stated that their companies were prepared to combat ransomware on bank holidays and weekends.
Did you know? Ransomware can be divided into two types:
- Locker ransomware: A type of malware that blocks basic computer functions and locks users from their devices.
- Crypto ransomware: A program that encrypts valuable data, like documents and videos, without locking a user from their device.
SMEs should be proactive and not just reactive to ransomware
This recent survey shows that while ransomware attacks have increased during the pandemic, more than half of the companies have taken the bait and paid the ransom. This has happened despite the reputational risks and financial burdens these actions can cause.
However, every cloud has a silver lining, and businesses are increasingly preparing for these attacks. 82% have a continuity plan should a ransomware attack occur, while 41% have both online and offline data backup infrastructures to retrieve data should a ransomware attack take place.
Why should you have online and offline data backup infrastructure?
Online data backup: Uses cloud-based storage systems to store data backups and can provide encrypted data storage. This does not require any physical storage media like USB drives. All you need is an active internet connection and a computer to perform a backup.
Offline data backup: Uses physical hardware like pen drives, external hard disks, or memory cards to back up data. It helps businesses restore data cleanly in case of ransomware attacks, and these devices can be quickly disconnected from networks in case of attacks. However, they can be easily lost or damaged.
Incorporating both types of infrastructure helps protect your data from both online and offline risks.
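The point of keeping an offline copy only holds if the copy is verified and actually restores. The following is an added example, not code from the original article: it backs up a constructed set of files to an "online" and an "offline" location (both just local directories here), records a SHA-256 digest for each archive, then simulates ransomware that overwrites the live files and the still-connected online copy, and shows that only the offline copy verifies and restores the original content.

```python
import hashlib, shutil, tarfile, tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_backup(src: Path, dest: Path) -> str:
    """Archive src into dest, record the archive's SHA-256 beside it, return the digest."""
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname="data")
    digest = sha256(archive)
    (dest / "backup.sha256").write_text(digest)
    return digest

def verify_backup(dest: Path) -> bool:
    """Re-hash the stored archive and compare with the digest recorded at backup time."""
    archive, manifest = dest / "backup.tar.gz", dest / "backup.sha256"
    return archive.exists() and manifest.exists() and sha256(archive) == manifest.read_text()

def restore_backup(dest: Path, target: Path) -> dict:
    """Extract the archive and return {filename: content} for what came back."""
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(dest / "backup.tar.gz") as tar:
        tar.extractall(target, **opts)
    return {p.name: p.read_text() for p in sorted((target / "data").iterdir())}

def demo() -> dict:
    """Constructed scenario: ransomware reaches the live files and the mounted online copy."""
    root = Path(tempfile.mkdtemp())
    live, online, offline = root / "live", root / "online", root / "offline"
    live.mkdir()
    original = {"invoices.csv": "id,amount\n1,120\n", "notes.txt": "Q1 plan\n"}
    for name, text in original.items():
        (live / name).write_text(text)
    make_backup(live, online)
    make_backup(live, offline)                # imagine this drive is unplugged afterwards
    for p in list(live.iterdir()):            # ransomware: overwrite and rename live files
        p.write_text("ENCRYPTED")
        p.rename(p.with_suffix(p.suffix + ".locked"))
    (online / "backup.tar.gz").write_bytes(b"ENCRYPTED")  # connected share gets hit too
    result = {"online_ok": verify_backup(online), "offline_ok": verify_backup(offline)}
    result["restored_matches"] = restore_backup(offline, root / "restore") == original
    shutil.rmtree(root)
    return result
```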
While a previous survey conducted in April 2020 showed that only one in five remote employees had received security training, it appears SME staff are now being trained to recognise and flag potential ransomware attacks. According to our respondents, 91% of their companies provide regular or occasional training to their staff. As a result, respondents said 94% of employees know who to report the incident to if a ransomware attack were to occur, and 49% of IT professionals state that their company would detect a ransomware attack within hours.
Nonetheless, businesses that have not experienced ransomware attacks should be prepared to combat them and have the proper cybersecurity, network security and computer security measures. As this survey shows, paying out ransoms does not guarantee the successful retrieval of data or that a business will not be attacked again.
Steps to reduce the risk of ransomware attacks
- Train employees on data protection, browsing practices, and ransomware detection
- Secure and encrypt internet connections and networks
- Install updated antivirus and anti-malware solutions
- Keep operating systems and software up-to-date
- Manage your assets to know what data systems you have and what business need they support
- Use multi-factor authentication
It is important for business owners to be proactive and prevent ransomware by encouraging well-defined cybersecurity strategies, carrying out staff training and allocating the right resources to cybersecurity and business continuity software to ensure that, in the worst-case scenario, critical business data is safe and that SMEs can continue operating despite a ransomware attack.
To collect this data, Capterra interviewed 234 professionals from 2nd March 2022 to 8th March 2022. The surveyed candidates had to fulfil the following criteria:
- UK resident
- Between the ages of 18 and 65
- Employed full- or part-time at a company with 2 to 250 employees
- Work in the IT department of their company
- Able to identify the definition of ransomware as “Malware that locks files or computers and asks for money to unlock them”.