Ransomware demands paid by over 75% of UK businesses in 2021

February 23, 2022

The UK has become the country that is most likely to pay cyber criminals, with over 80% of businesses paying ransomware demands, twice as much as the global average.

Ransomware attacks were extremely common in 2021 and hit 78% of UK businesses. Cybersecurity company Proofpoint, released a report which suggested 82% of these companies went ahead and paid the hackers a ransom fee in order to restore access to their own data.

In 2021, a number of high-profile attacks took place against US-based companies such as JBS Foods and Colonial Pipeline, where ransom payments were again made to cyber gangs. A collective statement was made in October 2021 from over 30 countries condemning the ransomware payment. Included in those countries were the US, UK, Germany, France, Japan and the European Union.

France and Japan were named in Proofpoint’s report as the most and least affected countries by ransomware throughout last year respectively. France was the most successfully targeted country with 81% of businesses in its region being infected with ransomware, while Japan was the least affected with just 50% of businesses being infected in 2021.

Bulk phishing attempts on businesses were up across the board with a 12% increase according to 600 businesses surveyed across the UK, Australia, France, Germany Japan, Spain and the US. Wider social engineering attacks also rose by more than 20%. 

Ransomware was the third most common result of a successful phishing attack, according to global figures, behind credential compromise in second place and a data breach in first. A total of 91% of UK businesses faced bulk, indiscriminate phishing attacks last year and more than 20% experienced 50 or more instances of other forms of social engineering-based attacks such as smishing, social media and vishing attacks – voice-powered phishing methods via phone calls or voice messages.

Adenike Cosgrove, Cybersecurity Strategist, International at Proofpoint said: “A staggering amount of UK businesses experienced a phishing attack in 2021 and 91% of those attacks were successful. Furthermore, security professionals in the UK are the most likely to face high volumes of non-email-based social engineering attacks.

“This compounds the fact that the UK is facing threats from all angles, however, the key to battling these threats starts with employees. All of these attacks require human interaction to be successful, emphasising the need for increased employee security awareness and training. Compared to global counterparts, UK workers had the highest awareness of the term ‘phishing’ which is promising, but at only 62% we still have a way to go to ensure businesses remain secure.”

Read Next