The number of ransomware attacks reported to the UK’s data protection regulator more than doubled between 2020 and 2021 as the pandemic raged, according to a new analysis.
The study from international law firm RPC found that the number of incidents handled by the Information Commissioner’s Office (ICO) rose from 326 in 2020 to 654 in 2021.
The verticals most frequently impacted by attacks in 2021 were: finance, insurance and credit (103), and education and childcare (80).
Organizations that handle sensitive financial data are most at risk of being singled out by ransomware threat actors, RPC warned.
Richard Breavington, partner and head of RPC’s cyber and tech insurance team, explained that it’s increasingly rare for cyber to be covered by non-specialized insurance policies. He warned that businesses that don’t take out dedicated cyber-insurance run the risk of being exposed.
“However, there are options for businesses that want to avoid being caught in an insurance gap. One is investing in the latest IT security software. Not only will this reduce the chances of succumbing to an attack, but it will also signal to insurers that they take matters of cybersecurity seriously and hopefully make it easier for them to get coverage,” he added.
“Corporates should also ensure that their systems are backed up regularly in segregated backups, which could help minimize business interruption in the event of an attack.”
The growing popularity of cyber-insurance has been blamed in some circles for the surge in ransomware attacks, as it meant victim organizations were more inclined to fall back on their policies than build stronger cyber-defenses.
A 2021 study revealed that two-thirds (70%) of cybersecurity professionals believe ransomware is being exacerbated by insurance payouts.
However, more recently, insurance companies have been reducing coverage and tightening policy requirements, raising the security bar for organizations wanting to take out policies.