Yellow abstract of floor level.

Number of UK ransomware attacks double in past year

Published on 28 March 2022

Increasing difficulty for businesses to get cyber coverage under traditional property and liability policies

 The number of ransomware attacks reported to the Information Commissioner’s Office increased100% from 326 in 2020 to 654 in 2021, shows an analysis of data conducted by RPC, the international law firm.
RPC says the rise is likely driven by the increasing profitability of ransomware attacks, which can severely hinder, if not bring a business’ operations to a standstill. As a result, a number of corporates have been forced to pay a ransom in order to have their data decrypted.

Some larger gangs have also profited from licensing their ransomware to other criminals, enabling even those with limited technological know-how to perpetrate attacks. Some criminals will scour the internet for vulnerabilities, then sell the access to other gangs who may execute the attack and exfiltrate data.
The industry sectors that were most frequently impacted by attacks in 2021 include:, Finance, insurance and credit (103 attacks), and Education and Childcare (80 attacks).
RPC says that sectors that are privy to sensitive financial data are often at the highest risk of being targeted by gangs.
Richard Breavington, Partner and Head of RPC’s Cyber and Tech Insurance team says: “Ransomware attacks have been on the rise and it’s a problem that isn’t going away any time soon.
“It is becoming increasingly rare for cyber to be covered by other types of insurance policies. As a result, businesses that are not taking dedicated cyber policies run the risk of becoming underinsured.
“However, there are options for businesses that want to avoid being caught in an insurance gap. One is investing in the latest IT security software. Not only will this reduce the chances of succumbing to an attack, but it will also signal to insurers that they take matters of cyber security seriously and hopefully make it easier for them to get coverage.
“Corporates should also ensure that their systems are backed up regularly in segregated back ups, which could help minimise business interruption in the event of an attack.”