After looking at the impact of widespread ransom attacks on small and midsize enterprises (SMEs) during the pandemic , in this second part of our study we compare the steps UK SMEs take to combat cyberattacks with the measures employed by other European countries.

Ransomware attacks in the UK compared to Europe

Ransomware attacks have been affecting organisations for years, but despite the existence of cybersecurity measures, numbers have risen dramatically since the start of the pandemic. An annual review by the National Cyber Security Centre found that three times as many ransomware attacks occurred in the first quarter of 2021 than in the whole of 2019. Over a third of UK businesses reported a data breach in the 12 months prior to March 2021. Additionally, the number of UK ransomware attacks reported to the Information Commissioner’s Office (ICO) doubled between 2020 and 2021.  

Europe receives 43% of all ransomware attacks, with the same level occurring in North America. After the United States, the UK and France are two of the top three countries in the world that receive the most ransomware attacks. These attacks also affect multiple industry verticals beyond the public sector. In Germany, ransomware attacks have affected organisations ranging from retailers such as Media Markt, factories such as Eberspächer Gruppe, and even hospitals like Uni-Klinikum Düsseldorf. How are smaller businesses faring against these attacks?

To find out whether SMEs were better prepared to tackle ransomware across Europe, we surveyed over 600 IT professionals: 234 from the UK, 200 from France, and 203 from Germany, and asked them about their experiences with these attacks before and after COVID-19. In this article, we look at the measures being deployed across these three countries to prevent future ransomware attacks. Participants represented SMEs from various industries. Find the detailed methodology at the bottom of this page.

UK SMEs are more willing to pay ransoms

Our survey results show that a similar proportion of companies have fallen prey to ransomware attacks in each country, with around half of businesses suffering at least one attack (51% in the UK, 49% in France, and 52% in Germany). The timings and frequency of these attacks vary somewhat though. All three countries received a third of their ransomware attacks before the COVID-19 pandemic (35% in the UK, 37% in France, and 37% in Germany), with the majority occurring afterwards. However, the UK SMEs led the statistics for suffering attacks both before and since the pandemic (21% in the UK, 13% in France, and 8% in Germany).

The response to these attacks also varies depending on the country. 59% of UK respondents stated that they paid the ransom. In France, the number decreased to 44%, and only 35% of German IT professionals confirmed they paid what was asked. 

The risk was worth it for 59% of the German respondents who did not pay the ransom but recovered their data, but the same cannot be said for the 6% of German SMEs that lost their data as a result of not paying the ransom or the 8% of French respondents who faced the same fate, while in the UK this scenario only affected 3%. It is telling that 40% of French and German respondents consider that the biggest risk in negotiating a ransom is that it does not guarantee that you will get the data back. In the UK, this percentage is lower, at 27%.

Did your company pay the ransom?

According to the survey, UK SMEs not only paid ransoms more often than French and German SMEs, they also paid higher ransom fees. 39% of the IT professionals surveyed in the UK said their organisation had paid between £33,001 and £67,000. In France and Germany, the percentage of respondents who had to pay that amount was far lower (14% in France and 11% in Germany). In these two countries, the most common price range for ransoms was between €10,001 and €20,000 (approximately £8,400 to £17,000), with 33% of French and 27% of German respondents claiming their company had paid that amount.

How much did your organisation pay for the ransom?

The financial burdens of ransomware attacks are higher for UK SMEs

The financial woes for UK SMEs do not end there. Businesses can incur costs beyond the ransom fees they have to pay when falling victim to these kinds of cyberattacks. Of the three surveyed countries, UK SMEs suffered the most financial damage due to ransomware attacks , with 37% of the UK representatives reporting costs to the business of between £42,001 and £84,000. In France and Germany, the number of companies that suffered financial damages on this scale was lower (23% in France, 24% in Germany). The highest percentage for these two countries was for costs ranging between €10,001 and €20,000 (between approximately £8,400 and £17,000), with 26% of French and 32% of German IT professionals reporting damages on this scale, compared with the UK’s 10%.

What damage can ransomware cause?

Ransomware can cause damage and financial expenditures beyond the ransom fee, such as:

  •   Loss of data
  •   Reputational damage
  •   Lost profits caused by downtime
  •   New investments in security measures
  •   Working hours spent on remediation efforts
  •   Potential legal fines
  •   Replacement of compromised devices
How much financial damage did the ransomware attack cause on your business?

UK SMEs have taken more measures to prepare for future attacks

It is not all doom and gloom for UK SMEs. Although they have borne the brunt when it comes to financial costs incurred due to ransomware attacks, our survey shows that UK SMEs implemented more measures than their French and German peers after an attack.

Our surveyed IT professionals report that most SMEs carried out changes after a ransomware attack. These varied from installing antispam or  antivirus software, to improving data backup infrastructure, installing a virtual private network (VPN), or optimising the security of endpoint devices. With the exception of the installation of antispam software, the UK led the line in the implementation of changes.

Identification of vulnerabilities

The biggest difference in preventative measures implemented could be found in the security of endpoint devices, which involves encrypting devices that send or receive data within a company network to protect them from unauthorised access. According to the survey, 52% of UK SMEs worked on improvements in this area whereas only 30% of French and 25% of German respondents carried out these changes.

Interestingly, with phishing attacks being the primary entry point for cyberattacks in the UK, the fact that the UK had the lowest percentage of antispam software already implemented (42% in comparison to 58% in France and 53% in Germany), and the lowest percentage of new installations after being attacked (22%, whereas in France it was 35% and in Germany it was 36%) raises the question: should SMEs do more to protect their email systems from viruses and phishing to prevent ransomware attacks from occurring in the first place?

Business continuity planning

From our results, we could see that representatives from all three countries were reactive to ransomware attacks and took measures to try to prevent future attacks. A clear majority of survey respondents claimed that their company has a continuity plan should a ransomware attack occur. UK SMEs lead in adopting these measures, with 82% having continuity plans in place, compared with 71% of French and 73% of German SMEs, according to respondents.

Does your country have a continuity plan should a ransomware attack occur?

Online and offline data backups

Along with continuity plans, a clear majority of representatives in all three countries have backup infrastructures to retrieve data should a ransomware attack occur. However, the survey indicates that UK SMEs`place more emphasis on having both online and offline data backup infrastructures rather than just one of the options. 41% of UK respondents said their company secures backup data not only online, for example on cloud-based services, but also on hardware that can be disconnected from networks in case of attacks. 28% of French and 28% of German respondents’ companies have yet to take this preventive measure.

Does your company have data backup to retrieve data should a ransomware attack occur?

Preparation for attacks during holidays and weekends

UK SMEs seem to have taken heed of advice from the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency ( CISA) across the Atlantic over the growing trends for cyberattacks over weekends and holidays. 75% of UK respondents affirmed their companies were prepared for attacks during these periods, while 66% of German professionals said the same. The number was lower in France, where only 59% were prepared for attacks on non-working days.

Is your company prepared should a ransomware attack occur on weekends or bank holidays?

Regular employee training

Preparation for ransomware attacks also requires training your employees to detect and prevent these activities. Our survey showed that 44% of UK SMEs have provided training once or twice to their employees. While it’s a good start, regular training would provide workers with newer insights into detecting and preventing attacks. 

Organisations can benefit from having cybersecurity education programs that include ransomware detection training. While deploying adequate computer security and Zero Trust Network Access (ZTNA) can help prevent ransomware attacks, these attacks still require a response from employees and executives. Staff need to know what to do to limit damage and avoid legal troubles. 91% of UK respondents said their company provided employees with training to recognise and flag potential ransomware attacks. The numbers for France (75%) and Germany (78%) were more concerning.

Does you company provide employee training on how to recognise potential ransomwara attacks?

Prevention is still key to fending off ransomware

Our survey has shown that while the number of ransomware attacks is common throughout Europe, SMEs in the UK fare worse when it comes to the financial burdens of these cyberattacks. With so much at stake for SMEs who fall victim to hackers, more should be done to prevent these attacks from happening rather than acting too late.

Key takeaways
  • UK SMEs are more likely to pay ransoms than their French and German peers, with 59% succumbing to demands
  • UK respondents pay the highest ransoms of the three countries surveyed, with 39% paying between £33,001 and £67,000
  • French and German SMEs are less trusting that they will get their data released back, even after paying the ransom
  • UK SMEs also suffered the most financial damage as a result of these ransomware attacks; 36% incurred costs of between £42,001 and £84,000

According to the survey, UK SMEs have taken more steps than French and German SMEs to better prepare for future attacks. However, security plans should be regularly reviewed to strengthen security spots that may be exploited. It is vital to identify and resolve IT weak points or training gaps, such as the detection of phishing via email. 

Companies should enhance their training programmes for employees to make sure they know the importance of maintaining regular data backups to strengthen recovery and resilience should an attack occur. The use of online and offline data backups, in addition to appropriate network security and multi-factor authentication software, can help secure businesses against cyberattacks and maintain their business continuity. 

Ransomware attacks are unlikely to decrease in the upcoming future. UK SMEs have stepped up their game to react to these attacks but should ensure they have appropriate measures to prevent them from happening in the first place.

Looking for cybersecurity software. Check out our catalogue!


To collect this data, Capterra conducted an online survey in France in January 2022 and in the UK and Germany in March 2022. The 637 professionals surveyed had to fulfil the following criteria: 

  • Resident in the UK, France, or Germany
  • Between the ages of 18 and 65 
  • Employed full- or part-time at a company with 2 to 250 employees 
  • Work in the IT department of their company 
  • Able to identify the definition of ransomware as “Malware that locks files or computers and asks for money to unlock them”. 

Of the respondents interviewed, 234 were from the UK, 200 from France, and 203 from Germany.