UK ransom payments surpass global average, according to British cybersecurity firm.
According to a survey by Sophos, a British cybersecurity firm, ransomware payments have nearly doubled to $1.5m (£1.2m) in the past year. The study revealed that the highest-earning organizations were the most inclined to pay attackers. The average ransomware payment increased from $812,000 the previous year, with UK organizations surpassing the global average at $2.1m in 2023.
In the global survey, over 25% of companies making payments handed over amounts ranging from $1m to $5m, with the highest-earning firms being the most willing to pay. Companies generating over $5bn in annual revenues had an average payout of slightly below $2.5m.
Sophos stated that it is not surprising that the organizations with the largest revenues are the most prone to paying higher ransoms. This reflects the fact that adversaries adjust the ransom amount based on the victim’s ability to pay.
Ransomware attacks occur when malicious actors gain unauthorized access to a computer system and deploy malware that encrypts the content, rendering it inaccessible.
The Sophos report was based on a survey of 3,000 senior IT and cybersecurity professionals from various organizations, including schools, retailers, and healthcare providers, across 14 countries, among them the US, the UK, and Australia. The 2023 survey had a smaller sample than the previous year’s survey, which involved 5,600 professionals from 31 countries. For the 2023 report, 200 UK organizations were interviewed.
The 2023 report indicated that the rate of ransomware attacks remained the same as in 2022, with two-thirds of respondents stating that they had experienced an attack. Among the surveyed countries, Singapore had the highest attack rate at 84%, while the UK had the lowest at 44%. Notably, South Africa saw the most significant increase in the survey, with its attack rate rising from 51% of firms in the 2022 survey to 78%.