Most SMBs admit to paying ransomware demands - here's why

(Image credit: Shutterstock / binarydesign)

The number of small and medium-sized businesses (SMBs) in the UK that have suffered a ransomware attack and decided to cave-in and payout has risen dramatically over the last year. 

This is according to a new report from Censornet, which also gives a few reasons as to why SMBs are choosing to ignore the advice of cybersecurity experts and law enforcement agencies by giving in to criminal demands.

Censornet recently polled 200 IT decision makers at UK mid-market organizations, and published the findings in its “Cyber Resilience Report 2023”. In the paper, there was a mix of good news and bad news when it came to ransomware attacks.

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

SMBs want enterprise-grade tech

It was said that the number of organizations suffering a ransomware attack dropped year-on-year, from 21% to 17%. The average cost of a ransomware attack also seemingly fell by more than a third (37%), from £144,000 to £91,000. But the number of victims deciding to pay the ransom spiked from 21% in 2021 to a massive 85% last year.

The reason for a shift in mindset seems to be the general inability to tackle the threats. Just over a third (37%) can prevent malicious attachments from reaching their employees’ inboxes, down by 14% year-on-year. Email attacks are thus the top cybersecurity incident, with a third of businesses experiencing at least one such attack (up from 16% YoY). 

These firms would benefit from better technological solutions, the research further states. More than half (51%) of SMEs believe their cybersecurity requires future-proofing development (up from 40% YoY). Last year, 15% moved away from legacy technologies, and 63% reduced the number of security vendors. Furthermore, 61% went for a more consolidated approach to cybersecurity solutions.

Also, 43% want access to the cybersecurity innovation offered to large enterprises, but 40% would love to see enterprise-grade security implementation simplified. 

Finally, more than half (55%) want security vendors to open traditionally closed-point products to enable automated responses to cyber threats. This opinion is up 20% YoY.  

“As the UK’s growing businesses expand and extend their network boundaries, their attack surfaces expand dramatically. But buying more point products won't keep them safe,” commented Ed Macnair, CEO of Censornet. 

“So it’s reassuring that UK plc is moving away from individual point products and towards integrated security platforms,” added Macnair. “For businesses that typically have smaller budgets and fewer resources, there is a growing need to simplify security via a platform approach that offers automation, intelligence and integration.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.