Business in the UK suffer on average 38 ransomware attacks a day and it is likely that we will see a significant increase in this when GDPR comes into force on 25th May this year.
According to cyber security product developer Sonic Wall there are over 2,500 different know variants of ransomware hitting UK businesses which makes the task of managing these attacks becoming a formidable job to combat. One of the current trends of cyber attacks carried out by hackers was is that their targets appeared to be that of data with ransomware being an ideal method of disrupting businesses by corrupting their data, stealing it or perhaps holding them to ransom.
This form of cyber attack on a business is perhaps one of the most difficult to handle due to its unpredictable nature and the impact that it can have on a business leaving it paralyzed to operate. It is also normally time limited which adds the factor of stress to the business owners with the imminent threat of data being destroyed if the ransom is not paid within a specific deadline.
With GDPR there is added factor of a business being fined by the Information Commissioners Office (ICO) if data is compromised.The fines that could be imposed by the ICO are between 2 and 4% of global turnover depending on how the degree of the data breach. Uber would be an example of where the ICO could have imposed a heavy fine. Hackers held Uber to £750,000 ransom with the threat of releasing the data of 57 million customers. Uber would have been in the position of breaching GDPR rules on two occasions for the initial cyber attack and the fact that it was not disclosed as all data breaches will need to be advised to the ICO within 72 hours. It will be interesting to see how the ICO approach the question of fines and to what degree they are likely to impose the maximum fine threshold.
The paying of a ransom is am easy option to pacify alleviate a cyber attack but this could only be a short term solution as the hacker could return perceiving the business to be an easy target. There is also no guarantee that the files containing the data will be released and will remain encrypted with the business still unable to access the data.
Cyber insurance can help with ransomware attacks , in paying the actual ransom and the costs associated with negotiating with the hackers. The policy would also provide coverage for the forensic and IT costs to investigate a possible sideways attacks by the hackers into computer systems. A data breach will need to be managed and this specialist form of insurance provides incident response services backed by a panel of experienced vendors.
Ransomware attacks will undoubtedly increase once GDPR comes into force and businesses will need to improve their cyber risk management in order to avoid the wrath of the ICO and the damage to their reputation that a severe data breach may cause.
Image : Shutterstock