According to a recent survey by Hiscox, fewer than 10% of companies that pay ransom demands successfully recover all their data following an attack. Despite the common belief that meeting cybercriminals’ demands may provide an effective resolution, the statistics tell a different story.
Only 7% of organizations managed to fully restore lost data after paying the ransom. Furthermore, one in ten companies that complied with attackers’ demands found that their stolen data was still publicly disclosed.
As Hiscox notes, businesses invest hundreds of thousands of dollars attempting to safeguard their customers’ confidential data, yet “paying the ransom rarely proves worthwhile.” The primary motivations for such measures are the desire to protect reputations and recover data in the absence of adequate backups.
The impact of cyberattacks on corporate reputations has become an increasingly pressing issue. The survey, which involved over 2,100 professionals across eight countries, revealed that 47% of companies experienced challenges attracting new customers after publicly acknowledging a cyber incident. Moreover, 64% reported losing existing clients or business partners.
Cyber threats and their repercussions on reputation now pose a more significant risk to businesses than talent shortages or even the prospect of bankruptcy. With approximately 70% of U.S. companies reporting an increase in attacks during 2023–2024, executives are increasingly prioritizing cybersecurity. On average, businesses face over 60 cyber incidents annually—roughly one per week—while large organizations contend with up to 100 attacks each year.
Organizations Facing a Surge in Cyberattacks Over the Past 12 Months (% by Country) (2024 Cyber Readiness Report)
Hiscox recommends three critical steps to enhance cyber resilience:
- Strengthen employee awareness of cyber threats. Nearly 60% of attacks involve phishing emails. Regular training can reduce the number of successful attacks by 40%.
- Eliminate outdated technologies. Legacy systems increase risk by 50% and should be replaced with more secure solutions.
- Implement regular data backups. Backups not only expedite recovery following an attack but also minimize losses. According to the report, 35% of affected companies resorted to paying ransoms due to the absence of backups.
Hiscox emphasized that data breaches erode customer trust, reduce revenue, and tarnish brand image. Furthermore, the lack of proper cybersecurity measures can deter potential partners and investors, attract regulatory scrutiny, and ultimately impact both profitability and growth.
