UK ransomware attacks doubled in 2021 – report

ransomware uk 2021

The number of ransomware attacks reported to the UK’s data watchdog and financial regulator rose dramatically last year, reflecting the scale of the threat that file-encrypting malware poses to businesses.

International law firm RPC found that the number of UK ransomware attacks reported to the Information Commissioner’s Office (ICO) in 2021 doubled from 326 in 2020 to 654 in 2021.

The highest targeted sectors were finance, insurance and credit, and education and childcare.

RPC said the increase is due to the growing profitability of ransomware attacks, with some gangs licencing out their malware in exchange for a cut of the ransom fee.

“It is becoming increasingly rare for cyber to be covered by other types of insurance policies. As a result, businesses that are not taking dedicated cyber policies run the risk of becoming underinsured,” said Richard Breavington, partner and head of RPC’s cyber and tech insurance team.”

Breavington added that companies should invest in security software and ensure their systems are backed up regularly.

A separate report published this week showed that “cyber incidents” submitted to the Financial Conduct Authority (FCA) jumped from 76 in 2020 to 116 in 2021 – an increase of 52%.

One in five of these incidents involved ransomware, according to data obtained via a Freedom of Information request submitted by UK cybersecurity firm Picus Security.

An incident is classed as material if there is a significant loss of data, unavailability or control of IT systems, affects a large amount of customers or unauthorised access to information systems.

In approximately one-third of reported incidents, there was the possibility that personal data or company confidentiality had been compromised or breached.

“Financial services firms are amongst the best prepared and most highly capable organisations at detecting and responding to cyber incidents. Yet, despite investing heavily in security and data protection, it’s clear that many continue to experience challenges in these areas,” said Dr Suleyman Ozarslan, Picus Security co-founder and VP of Picus Labs.

The most active month for reports was in March, with 21 cyber incidents filed at the time when critical vulnerabilities were discovered in Microsoft’s on-premise Exchange server.

Earlier this month Censornet published a report that found cyberattacks knock a third of mid-market UK firms offline for a day.

The rising threat of cyberattacks has helped to create a booming cybersecurity market. Investment in UK cybersecurity companies surpassed a record £1bn in 2021, a 25% increase on the year prior.