Cyber complacency could cost retailers millions: half believe their defences are strong despite rising ransomware threats

12 Nov 2025

A staggering 71% of UK businesses have paid a ransom to cybercriminals in the past 12 months – yet nearly half of British firms still believe their cybersecurity is watertight, according to new research.

The research by data security specialists Cohesity – which surveyed over 400 global organisations with more than 1,000 employees, in both the private and public sectors – found that the retail sector remains surprisingly complacent, despite recent high-profile cyberattacks on M&S, Harrods and Co-op that have caused lasting reputational, operational and financial damage. The data also found that 50% of organisations in the retail, distribution and transport sectors think their cyber strategy needs little to no improvement.

Insurance doesn’t solve all problems

The research also found that 94% of retailers who were targeted by cybercriminals used insurance to recover costs – however, 93% reported that their costs were not fully met by cyber insurance. This was evidenced by the M&S cyberattack earlier this year: although the retailer was able to recover £100 million in cyber insurance following the ransomware attack in April, this did not come close to covering the full extent of the damage, which it originally estimated at £300 million in lost profits. M&S’ most recent half-year report shows that the retailer was able to recover relatively quickly; nonetheless, its profits were more than halved, despite the insurance payout.

While M&S – one of the UK’s largest retailers and a FTSE100 company – was able to lean into its scale and resilience to drive a relatively successful recovery, smaller retailers do not have the same luxury. Yet a large portion of British businesses are “overconfident but unprepared” when it comes to cybersecurity, says Fraser Hutchison, VP Northern Europe at Cohesity.

“Most organisations are still misjudging the true material impact of cyberattacks; from recovery costs and the effect on earnings and stock price to legal, regulatory, and compliance consequences,” he said. “Even large, well-known brands fall victim to attacks with state-of-the-art technology for threat detection and prevention in place.”

AI assisting cybercrime

Gen AI and cloud software, while helping to rewrite the future of retail, are also giving cybercriminals new entry points into organisations – with many then biding their time before striking at the most inopportune moment. It was reported that hackers had accessed Jaguar Land Rover’s systems weeks before they chose to launch their attack – and issue their ransom demand.

Many organisations feel they have little option but to pay ransoms – but paying doesn’t guarantee that full access to their systems is returned, nor does it protect against future attacks. As the old saying goes, prevention is better than cure. With the average UK ransom estimated at a shocking £1,051,000, according to Cohesity’s data, British retailers simply cannot afford to be complacent – particularly as it’s no longer a case of ‘if’ cybercriminals might strike, but ‘when’.

“We need a bigger focus on response and recovery, so organisations can better respond to and bounce back from cyberattacks which are now an inevitability,” Hutchison concluded.
