The vast majority of companies hit by ransomware attacks over the past year have paid up, according to an insurance specialist’s report that warns of mixed outcomes for those who do.

Business-to-home insurer Hiscox released its annual Cyber Readiness Report against a backdrop of concern over a series of cyber attacks on high profile names over the past six months, including Marks and Spencer, the Co-op and Jaguar Land Rover (JLR).

The carmaker has been handed a £1.5bn loan guarantee by the government to help shield its vast supply chain, including many small firms, from the impact of a month-long shutdown of its factories.

While some have already laid off staff – a fraction of the 200,000 people employed among suppliers – many victims of hackers are small and medium-sized businesses (SMEs) that would not attract such financial support by themselves.

There are no lengths to which cyber criminals will stoop – with hackers just last week threatening to release the personal data of children in the care of a nursery chain.

Hiscox said 27% of the 5,750 SMEs surveyed had been targeted with ransomware over the last 12 months. Of those, 80% had paid a ransom.

But Hiscox added that only 60% of those companies had successfully recovered all or part of their data after making a payment.

Almost a third of the firms to have paid a ransom were met with demands for more money, it said.

Attacks ‘threaten survival’ of firms

The wider findings of the study showed that almost 60% of the companies surveyed had experienced a cyber attack in the period, with many blaming artificial intelligence vulnerabilities for leaving them exposed.

Many faced substantial fines for failures to adequately protect data and the findings also showed hits to not only bottom lines but reputations and orders too.

Eddie Lamb, global head of cyber at Hiscox, said: “No business, however small, can afford to underestimate the devastating impact a cyber-attack can have.

“Cyber attacks don’t just disrupt day-to-day operations; they can threaten the very survival of a business.

“The financial fall-out, from crippling fines to lost customers or soaring costs, can push even the most resilient business to the brink. On top of this, the stress and long hours required to recover can impact staff morale and even lead to burnout.”

JLR was reportedly in the process of finalising an insurance policy to cover cyber disruption when it was targeted at the end of August.

The company is already facing an estimated bill of £200m from lost production.

Henry Green, co-founder of the cyber insurance broker Assured, said policies had to reflect true levels of financial risk, or they were pointless.

“For £300-500m cover, JLR would have been looking at a circa £5m premium with at least a £10m excess,” he said.

The costs of policies which cover all losses in the event of a cyber crime will be far beyond many firms, though the cyber insurance market is growing beyond major employers.

That is partly due to the very public impact of disruption to the likes of M&S, heightened warnings over preparedness and increased competition in insurance provision.

The research specialist imarc says the market was worth £521m last year and expected to top £2.4bn by 2033.

M&S has estimated a hit of at least £300m from the ransomware attack on its business in mid-April.

But the retailer, which is widely believed to have paid off its attackers, expects to claw the bulk of that sum back through its insurance policies.

Read more from Sky News:
Video game maker EA in record buyout
Reeves fails to quell budget speculation

Mr Lamb, who urged investment in protections, added: “Cyber criminals are now much more focused on stealing sensitive business data – things like contracts, executive emails, financials, and intellectual property – because it’s easier to monetise than personal information.

“Once stolen, they demand payment to avoid public exposure, pricing threats based on reputational damage.

“This change has exposed gaps in some companies’ data loss prevention controls, which attackers are readily exploiting.”

One of the UK’s most valuable listed companies is to sell its shares directly on the rival New York Stock Exchange, in a move described as a “knock back for London”.

While AstraZeneca will maintain its headquarters in the UK and its primary stock listing on the London Stock Exchange, the news can be seen as a move away from London.

“Although there has been no suggestion that AstraZeneca is imminently going to up sticks and move its primary listing from London, there may be some nervousness this morning around the risk that the UK market might lose one of its largest constituents,” said Russ Mould, the investment director of investment platform AJ Bell.

Read more:
AstraZeneca exit is a frightening prospect for the City and the government

The news “does at least hint at the possibility of a more dramatic shift at some point in the future”, Mr Mould said.

There may also be relief that AstraZeneca is not moving from the London Stock Exchange altogether.

“I think there is probably relief that it’s not pursuing a primary listing in New York, but the decision is hardly a ringing endorsement of London,” said Neil Wilson, the UK investor strategist at investment platform Saxo Markets.

“It reflects the fundamental, structural issues in the UK for the largest globally-oriented stocks – the depth and liquidity of its capital markets is falling short of what’s on offer across the pond.”

“It’s also a bit of a knock-back for London”, Mr Wilson said.

Why is this happening?

The Cambridge-based pharmaceutical company said the decision to sell shares directly on the New York Stock Exchange – rather than the previous less straightforward system of using American depository receipts – has been made to allow it “to reach a broader mix of global investors” and “make it even more attractive for all our shareholders”.

“The US has the world’s largest and most liquid public markets by capitalisation, and the largest pool of innovative biopharma companies and investors,” the company said in an announcement to investors.

AstraZeneca’s share price was up 0.7% on the news.

Jaguar Land Rover (JLR) has announced it will partially resume manufacturing “in the coming days” after nearly a month in the wake of a cyber attack.

The luxury car-making plants have paused production since 31 August. The cyber attack halted car-making across the supply chain, with staff off work as a result.

Money latest: Five parts of UK defying housing market

More than 33,000 people work directly for JLR in the UK, many of whom are on assembly lines in the West Midlands, with the largest facility located in Solihull, and a plant in Halewood on Merseyside.

Roughly 200,000 more are employed by several hundred companies in the supply chain, who rely on JLR orders as their biggest client.

“As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world-class vehicles,” a company spokesperson said.

The shutdown was said to last until at least 1 October.

“Today we are informing colleagues, retailers and suppliers that some sections of our manufacturing operations will resume in the coming days,” the company added, days on from the partial restart of its IT systems, which allowed supplier payments to recommence.

“We know there is much more to do, but the foundational work of our recovery is firmly underway, and we will continue to provide updates as we progress.”

Over the weekend, the government said it would underwrite a £1.5bn five-year loan guarantee to JLR.

The promise came as the head of the influential Business and Trade Committee of MPs wrote to Chancellor Rachel Reeves, warning small firms reliant on JLR, “may have at best a week of cashflow left to support themselves” with “urgent” action needed to support businesses.

JLR was just the latest business to be the subject of a cyberattack.

Harrods, the Co-Op, and Marks and Spencer, are among the companies that’ve struggled in the past year with such attacks.