Rising ransomware attacks are threatening UK businesses

7th October 2021

As the UK continues to contend with the many changes that have swept the landscape over the past several months, yet another threat has emerged and threatens to destabilise businesses even further. Ransomware attacks.

Ransomware attacks are a type of malware where third-parties threaten to publish a company’s private data unless a ransom is paid, and it has quickly become the leading cause of cyberattacks for companies all across the UK.

According to research from Arctic Wolf, over 40% of businesses have paid five-figure ransoms to ensure that business operations continue to run. In addition, over 20% have covered up a breach to protect their business reputation.

These high ransoms have proven to be a major source of concern and financial drain for business leaders.

Over 35% of business leaders said they were worried about ransomware attacks. While another 67% believed their company was more vulnerable to cyberattacks than before. Moreover, 31% said that they paid anywhere between £36,000 and £216,000 to address security breaches over a year.

Despite the rising awareness of the threat they pose, ransomware attacks continue to take place, revealing clear weaknesses in security processes.

Examining the cause behind ransomware attacks

To find the cause behind ransomware attacks, we need to examine what action business leaders have taken towards vendor security processes.

Over 39% of business leaders said they do not have comprehensive cybersecurity insurance, indicating that they have not covered all their bases when securing data.

Even more concerning, however, is the fact that 62% of business leaders said they were not confident in their employees' ability to identify cyberattacks; indicating that they have not invested in the essential resources needed to train their teams.

The sharp rise in ransomware attacks indicates that the cybersecurity processes that are currently in place cannot match up to the threats facing the current business landscape.

To reduce incidents of cyberattacks, businesses need to reconsider who has access to their data, along with cybersecurity procedures to protect said data.

This includes creating a secure vendor security environment where you know who is accessing company data and even have the option to trace the digital footprint in your infrastructure.

Protect your data from ransomware attacks with RiskXchange

RiskXchange is the only 360-degree vendor risk management platform that allows you to protect your digital assets from attacks, such as ransomware, through better oversight into vendor security infrastructure.

Our solution can help you manage your attack surface, monitor third-party vendor security transactions, and detect anomalies that preclude a cyberattack; all of which help you secure your data from ransomware attacks in the future.

A new Wisconsin law could have ramifications on the way insurance companies and their vendors handle private data. Insurance companies must follow specific regulations to protect sensitive information, such as social security numbers and health-related information, when the new law is passed on the first of November.

Once the new law comes into effect, insurers must conduct a risk assessment, develop an information security program, create an incident response plan, and work with third-party providers to protect customer information.

Furthermore, if a cyberattack occurs, insurance companies must notify relevant parties within a specific timeframe. Insurance companies must inform consumers and insurance providers within 45 days of learning about the breach. They must also inform the Officer of The Commissioner of Insurance (OCI) of the cyber breach within three days. Moreover, if the attack affects 1000 or more consumers, they must inform consumer reporting agencies of the incident.

The new law, which has been in the works since 2019, highlights how national and local governments are placing greater emphasis on data security and are setting strict expectations over how insurance companies should be handling sensitive data.

If insurance businesses want to meet legal demands, they must work with third parties to create a secure environment that keeps data safe.

Why are governments cracking down on data security procedures?

Local and national governments are becoming more stringent about the way insurance companies handle sensitive data. The crackdown comes in the wake of several research reports showing that the healthcare industry is one of the most targeted industries for cyberattacks. Despite this, most parties involved do not have strict security measures to protect their data.

In addition, by encouraging insurance firms to take a closer look at their security, they must also scrutinise their vendors.

Insurance companies work with dozens of vendors that access sensitive data. If insurance firms are to conduct accurate risk assessments or develop suitable incident response plans, they must ensure that vendors meet high-security standards. To improve monitoring, they will need to invest in technology that would allow them to examine vendor security processes, especially when working with hundreds of vendors.

Enforce vendor security with RiskXchange

RiskXchange is the only 360-degree vendor risk management platform that allows businesses to protect their digital assets from cyber-attacks and third-party breaches by improving oversight into vendor infrastructure. The solution can help you oversee your attack surface, monitor vendor activity, and detect anomalies that indicate a cyberattack, all of which help you secure data, meet compliance requirements, and maximise vendor security infrastructure.