How prepared are SMEs for ransomware attacks?

Published on 13/04/2022 by Eduardo Garcia

During the COVID-19 pandemic, small to midsize enterprises (SMEs) have increasingly fallen victim to ransomware attacks. But how are these businesses faring under this growing threat and what steps should they take to prevent themselves from losing data and money in these attacks?

Are SMEs prepared for ransomware attacks?

In October 2021, Sir Jeremy Fleming, the head of the UK spy agency GCHQ, disclosed that ransomware attacks on British institutions had doubled over the year. However, it is not just institutions that have been suffering these occurrences. Cyberattacks have been a growing threat for SMEs for years, and these threats have grown during the COVID-19 pandemic. Ransomware attacks are increasing too. According to Capterra’s research, 44% of UK SMEs have experienced a ransomware attack since the pandemic started. 

Ransomware, used by cyber attackers to lock files and data on a victim’s computer and demand payment for their release, can affect SMEs by: 

  • Compromising sensitive data 
  • Causing financial and operational losses 
  • Affecting reputation 

This data comes from our survey of more than 230 IT professionals on their experiences with ransomware attacks before and since the outbreak of COVID-19. We wanted to find out whether SMEs were better prepared to tackle ransomware attacks and learn more about the measures they are deploying to prevent these attacks in the future. 

Participants represented small businesses (ranging between 2 and 250 employees) from various industries. Find the detailed methodology at the bottom of this page. 

Key takeaways: 

  • Ransomware attacks on SMEs have increased since the pandemic 
  • 59% of businesses who have been victims of ransomware attacks have paid the ransom fee 
  • 56% of respondents believe that a ransomware attack can be very critical to their business integrity 
  • 98% of companies surveyed took measures after suffering ransomware attacks 

SMEs are increasingly becoming victims of ransomware 

With 51% of respondents to our SME survey reporting that their company has faced at least one ransomware attack, the idea that security threats are focused solely on larger enterprises can be dismissed. The results show that small and medium enterprises must also be prepared to counter the threat of ransomware.

Our survey showed that 98% of companies took measures after suffering ransomware attacks, with 53% installing antivirus software. More than half of the respondents (52%) improved the security of their endpoint devices and 43% installed anti-malware software. 

Prudent as these steps may be, they also show that SMEs often act late to counter these risks, being more reactive than preventive. This raises the question of whether SMEs are struggling to keep up with the pace of digital infrastructure adoption and to deploy the right cybersecurity tools. Reassuringly, only 2% made no change at all after being attacked. 

COVID-19 has accelerated the risk of ransomware attacks 

Before COVID-19, 35% of SMEs had already suffered ransomware attacks. However, our survey shows that there has been an increase in ransomware attacks on smaller businesses since the start of the pandemic, with 44% of respondents suffering attacks during this period. An additional 21% received attacks both before and after the outbreak of COVID-19. 

Regardless of whether this is due to a rise in remote communication and digitalised processes, the risk of ransomware attacks has gone beyond affecting larger enterprises to targeting all types of businesses that are now part of the digital landscape. With companies leveraging technology to survive in this new environment, SMEs will need to revise their cybersecurity capabilities and policies to safeguard themselves. 

The use of phishing in ransomware attacks

Phishing is the most common type of cyberattack. It occurs when you receive a generic email that appears to be from a reputable company but is in fact an attempt to trick you into clicking a link or opening a file. A survey by the National Cyber Security Centre (NCSC) showed that 91% of UK companies experienced at least one successful email-based phishing attack last year, with 84% reporting email-based ransomware attacks.

Staff can be trained to look out for signs of suspicious phishing emails and to report them. They should watch out for:

  • Spelling and grammar errors within the text
  • Unofficial sender addresses
  • Offers or proposals that sound too good to be true
  • Suspicious attachments or links
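The indicators above can be checked mechanically for e-mails that staff report, so the IT department can triage them quickly. The following is an added example, not code from the article or from Capterra: it parses one raw message and flags a sender address that is not one of the organisation's own domains while the display name imitates it, a Reply-To that points elsewhere, pressure or "too good to be true" phrases, links to hosts outside the trusted domains, and attachments of file types a small business rarely needs by e-mail. The trusted domain, the phrase list and the extension list are assumptions chosen for the example, and the sample message is constructed. The spelling-and-grammar indicator is left to the human reader.

```python
"""Flag the phishing indicators listed above in one raw e-mail (added example).

The trusted domain, lure phrases and risky extensions below are assumptions for
the example, not a standard; the sample message is constructed.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domains the organisation actually sends from (assumed for the example).
TRUSTED_DOMAINS = {"example-bank.co.uk"}
# Attachment types a small business rarely needs to receive by e-mail (assumption).
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm", ".zip"}
# Pressure and "too good to be true" wording (assumption; extend from real reports).
LURE_PHRASES = ("you have won", "prize", "act now", "account will be closed", "verify immediately")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address header value, or '' if absent."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()


def phishing_indicators(raw: str) -> list[str]:
    """Return human-readable indicator strings found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # Unofficial sender address: the display name claims a trusted brand but the
    # domain is not one we use.
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0].replace("-", " ")
            if brand in display_name.lower():
                findings.append(f"display name {display_name!r} imitates {trusted!r} but sender domain is {from_domain!r}")

    # Reply-To steering replies to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lowered = text.lower()

    # Offers or threats that sound too good (or too urgent) to be true.
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            findings.append(f"lure phrase {phrase!r}")

    # Suspicious links: any URL whose host is outside the trusted domains.
    for host in URL_RE.findall(text):
        if host.lower() not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted host {host!r}")

    # Suspicious attachments, judged by file extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name!r}")

    return findings


# Constructed sample of a reported message; every address and host is fictitious.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@example-bank-secure.com>
Reply-To: refunds@mailbox-relay.example.net
To: finance@smallco.example
Subject: Your account will be closed - verify immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear customer, your account will be closed unless you verify immediately at
https://example-bank-secure.com/verify and open the attached statement.

--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

A message with several findings is a candidate for quarantine and for feeding back into staff training; a message with none is not proof of legitimacy, which is why the check complements rather than replaces the reporting habit described above.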

The stakes are high for SMEs

A breakdown of our survey results found that only 2% of the respondents have not taken measures after suffering a ransomware attack. Most of the survey participants told us they feel their company is now ready for hypothetical threats of this kind. Given that the vast majority implemented changes after being attacked, this may ring true, but the stakes are high for those who are not prepared.

Did your company pay the ransom?

Unfortunately, businesses often give in to an attack. 59% of companies that have been victims of ransomware paid the ransom fee, according to the IT staff surveyed. Worse, 37% of those who paid “did not get some” or “did not get any” of their data back. And regardless of whether these companies retrieved their data or not, 93% paid more than £8,400 to take that gamble. This may not seem much for a larger enterprise but can be a significant amount for smaller businesses. 

Money spent on paying ransoms

Some businesses still prefer to take the risk and not pay the ransom. Sometimes this has worked out for them, with 38% deciding not to pay any ransom and still recovering their data. However, for the 3% who lost their data after deciding not to pay the ransom, the outcome was far from the best-case scenario. 

Damage costs of ransomware on businesses

Among those surveyed who suffered attacks, ransomware caused financial losses that exceeded £42,000 in 77% of cases. Financial losses, however, are only part of the negative outcomes of negotiating or paying ransoms. One in four of all the IT staff surveyed (27%) think that the biggest risk of paying a ransom should an attack occur is that it does not guarantee the data will be released back. The same number fear that giving in to the cyber attacker’s demands will leave their organisation vulnerable to future attacks. 

Biggest risks when paying a ransom

These attacks can be a serious disruption for SMEs. Ransomware attacks can also affect company revenues and continuity, along with having reputational impacts. Whether the cost comes from ransom fees paid or from losses during the downtime while the organisation is under attack, businesses need to be able to react quickly, at any time, when they fall victim to ransomware. It is fortunate then that 75% of respondents stated that their companies were prepared to combat ransomware on bank holidays and weekends. 

Did you know? Ransomware can be divided into two types:

  • Locker ransomware: A type of malware that blocks basic computer functions and locks users from their devices.
  • Crypto ransomware: A program that encrypts valuable data, like documents and videos, without locking a user from their device. 

SMEs should be proactive and not just reactive to ransomware

This recent survey shows that while ransomware attacks have increased during the pandemic, more than half of the companies have bitten the bait and paid the ransom. This has happened despite the reputational risks and financial burdens these actions can cause. 

However, every cloud has a silver lining, and businesses are becoming more responsive to these attacks. 82% have a continuity plan should a ransomware attack occur, while 41% have both online and offline data backup infrastructures to retrieve data should a ransomware attack take place.

Why should you have online and offline data backup infrastructure?

Online data backup: Uses cloud-based storage systems to store data backups and can provide encrypted data storage. This does not require any physical storage media like USB drives. All you need is an active internet connection and a computer to perform a backup.

Offline data backup: Uses physical hardware like pen drives, external hard disks, or memory cards to back up data. It helps businesses restore data cleanly in case of ransomware attacks, and these devices can be quickly disconnected from networks if an attack occurs. However, they can be easily lost or damaged.

Incorporating both types of infrastructure helps protect your data from both online and offline risks.
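A backup is only useful if the copy being restored is still intact, and a copy that stays connected can be encrypted along with the live data. The following is an added example, not code from the article or a Capterra recommendation: it records a SHA-256 hash of every file when the backup is taken, stores that manifest with the offline copy, and later compares each copy against the manifest, listing files whose contents changed, files that disappeared, and files that appeared. The sample data, the directory layout and the manifest file name are constructed assumptions; the online and offline folders stand in for a cloud bucket and a detached USB disk.

```python
"""Check that a backup copy still matches the data it was taken from (added example).

Sample files live in a temporary directory and the manifest format is an
assumption for the example; the damage applied to the "online" copy is a
constructed stand-in for what crypto-ransomware does to a connected share.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "backup-manifest.json"  # assumed name for the stored hash list


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX style) to its SHA-256 hex digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def write_manifest(root: Path, manifest: dict[str, str]) -> None:
    """Store the manifest next to the copy it describes (on the offline medium)."""
    (root / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def verify_copy(copy_root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a backup copy with the manifest recorded when the backup was made."""
    current = build_manifest(copy_root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "extra": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed scenario: back up a small tree, then damage only the online copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("date,amount\n2022-03-02,120.00\n")
        (live / "contracts.txt").write_text("Supplier agreement, signed.\n")

        manifest = build_manifest(live)
        online = Path(tmp) / "online"    # stands in for a cloud bucket
        offline = Path(tmp) / "offline"  # stands in for a detached USB disk
        shutil.copytree(live, online)
        shutil.copytree(live, offline)
        write_manifest(offline, manifest)

        # Simulated damage to the still-connected online copy: one file overwritten
        # with random bytes, one renamed, and an unexpected note dropped in.
        (online / "accounts" / "ledger.csv").write_bytes(os.urandom(64))
        (online / "contracts.txt").rename(online / "contracts.txt.locked")
        (online / "README_RESTORE.txt").write_text("constructed sample note\n")

        stored = json.loads((offline / MANIFEST_NAME).read_text())
        return {
            "online": verify_copy(online, stored),
            "offline": verify_copy(offline, stored),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the check against both copies before a restore tells you which one to trust: the offline copy reports nothing, while the online copy shows the overwritten, renamed and added files. Keeping the manifest with the offline medium matters, because a manifest stored on the same connected share could be altered with the data it describes.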

While a previous survey conducted in April 2020 showed that only one in five remote employees had received security training, it appears SME staff are now being trained to recognise and flag potential ransomware attacks. According to our respondents, 91% of their companies provide regular or occasional training to their staff. As a result, respondents said 94% of employees know who to report the incident to if a ransomware attack were to occur, and 49% of IT professionals state that their company would detect a ransomware attack within hours.

How fast to detect a ransomware attack

Nonetheless, businesses that have not experienced ransomware attacks should be prepared to combat them and have the proper cybersecurity, network security and computer security measures. As this survey shows, paying out ransoms does not guarantee the successful retrieval of data or that a business will not be attacked again. 

Steps to reduce the risk of ransomware attacks

  • Train employees on data protection, browsing practices, and ransomware detection 
  • Secure and encrypt internet connections and networks 
  • Install updated antivirus and anti-malware solutions 
  • Keep operating systems and software up-to-date 
  • Manage your assets to know what data systems you have and what business need they support 
  • Use multi-factor authentication 

It is important for business owners to be proactive and prevent ransomware by encouraging well-defined cybersecurity strategies, carrying out staff training and allocating the right resources to cybersecurity and business continuity software to ensure that, in the worst-case scenario, critical business data is safe and that SMEs can continue operating despite a ransomware attack. 

Methodology

To collect this data, Capterra interviewed 234 professionals from 2nd March 2022 to 8th March 2022. The surveyed candidates had to fulfil the following criteria: 

  • UK resident
  • Between the ages of 18 and 65 
  • Employed full- or part-time at a company with 2 to 250 employees 
  • Work in the IT department of their company 
  • Able to identify the definition of ransomware as “Malware that locks files or computers and asks for money to unlock them”. 

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

Content Analyst for the UK. Providing research and digital tech tips for SMBs. MA in Journalism. MA in Diplomatic Studies. Animal loving, sea revering, Mancunian
