The State of Ransomware Report from Sophos — just over a quarter of ransomware victims that paid off their attackers, even though they have other means of data recovery, such as restoration from backups. Sophos found the average pay-out grew by nearly five times to $812,360 (£646,709), and the proportion of organizations paying over a million dollars to get their data back increased from 4% in 2020 to 11% in 2021. Sophos said 46% of victims paid some ransom, but 26% of those had the means to restore encrypted data of their own accord.
83% of mid-sized organizations have a cyber insurance policy that contained ransomware cover. Insurance was found to have covered some or all of the costs incurred in 98% of documented incidents. That said, 94% of those that held cyber insurance policies said they were now faced with more demanding clauses for security measures, more complex and expensive policies, and less choice of providers.
Why do we care?
The cyber insurance market is getting harder. That’s not just stories.
I’m particularly irked by companies paying the ransom who didn’t have to. It’s a hard enough decision to pay when it’s your only option, much less when you don’t have to. There’s a certain degree of pay it forward here. If you pay the ransom, you’re enabling them to hit the next victim. This is where I’d encourage IT, providers to draw the line.
If your customers are paying, you’re making your job harder, as those attackers will be back. Take a moment and think about that.

