Two organisations have recently released reports on the state of ransomware and cybersecurity incidents affecting small businesses.
Datto’s State of the Channel Ransomware Report
Datto has recently released their “State of the Channel Ransomware Report” for 2019 which surveyed over 2400 managed service providers (MSPs) across the world about ransomware attacks within their client base. The report reveals:
- 79% of MSPs reported ransomware attacks against its customers.
- SMBs are largely in the dark about the frequency and severity of ransomware attacks.
- Lack of end-user education is the leading cause of successful cyber attacks.
- Phishing emails are the most common medium for ransomware attacks. 93% of all phishing emails are ransomware according to many sources.
- The average cost of downtime caused by ransomware is 10x the average ransom.
- Attacks on Apple devices is up 500% meaning that being on Apple does not mean you are safe!
- Ransomware infections of cloud systems is increasing, and these will become more of a target for attackers.
Gallagher’s SMEs In An Age Of Crises Report
Released shortly afterwards, a report released by Cyber Insurance firm Gallagher reveals that cybersecurity incidents cost UK SMEs £8.8 billion in 2018. A poll of 1,120 UK SMEs found an average of £6,416.50 was paid out by UK SMEs last year to deal with incidents. 24% admitted they had experienced a cyber incident event last year. That equates to 1.4 million businesses across the UK, up by 5% from 2017. 17% of UK SMEs affected spent £10,000 or more to deal with the aftermath of the incident.
Having systems that are protected with advanced malware protection, and are up to date with their patches is the first line of defence. However, this is not a silver bullet and defence in depth is the best approach. End user education will go a long way to ensuring that your staff are educated in recognising any threats that do get through. Finally, having a business disaster recovery plan and system in place is key to a rapid recover from an attack should all else fail.