London — A new report by insurance giant Hiscox has revealed the scale of ransomware’s grip on businesses worldwide, with the majority of victims paying up — and often gaining little in return. The Cyber Readiness Report, based on a survey of 5,750 small and medium-sized enterprises (SMEs), highlights the devastating consequences of attacks on both large corporations and smaller firms struggling to survive.
Majority of Victims Pay — but Outcomes Vary
According to the findings, 27% of SMEs were targeted with ransomware in the past 12 months. Of those, 80% admitted to paying a ransom, a figure that underscores the desperation many companies face when their systems are locked down.
Yet paying does not guarantee recovery. Only 60% of firms that transferred money to cybercriminals successfully retrieved all or part of their stolen or encrypted data. Alarmingly, nearly a third of those who complied faced additional demands for more money, placing them in an endless cycle of extortion.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
High-Profile Cases Highlight Economic Risks
The report comes amid a wave of cyberattacks on household names such as Marks & Spencer, the Co-op, and Jaguar Land Rover (JLR). JLR was forced into a month-long shutdown, prompting the UK government to provide a £1.5 billion loan guarantee to shield its vast supply chain, which employs nearly 200,000 workers. The automaker is already facing an estimated £200 million bill from lost production.
Marks & Spencer has also reported a hit of at least £300 million following a ransomware attack in April, though the retailer expects to recover much of the damage through insurance coverage.
Cyber Insurance Costs Soar
The Hiscox report highlights how insurance coverage has become both essential and financially burdensome. Cyber insurance premiums for large companies can run into millions. Henry Green, co-founder of insurance broker Assured, estimated that JLR would have faced a premium of about £5 million for cover worth £300–500 million, alongside a £10 million excess.
While the market for cyber insurance is growing — valued at £521 million last year and projected to exceed £2.4 billion by 2033, according to research firm IMARC — many smaller businesses find such policies unaffordable. Without the safety net that large corporations enjoy, SMEs are especially vulnerable to collapse after an attack.
Threatens the Survival of Businesses
Eddie Lamb, global head of cyber at Hiscox, stressed the existential danger ransomware poses. “No business, however small, can afford to underestimate the devastating impact a cyber-attack can have,” he said. He added that beyond financial losses, attacks drain morale, cause staff burnout, and erode trust with customers.
Lamb warned that cybercriminals are increasingly targeting sensitive corporate data — such as contracts, executive emails, financial documents, and intellectual property — rather than personal data. These assets are easier to monetise, with hackers threatening to leak them publicly unless payments are made.
A Growing, Shifting Threat
With AI vulnerabilities and gaps in data loss prevention controls leaving firms exposed, the report underscores an urgent need for investment in cybersecurity. From global giants like JLR to nurseries threatened with leaks of children’s data, the evidence shows that ransomware attacks now pose a systemic risk to businesses of every size.
As Lamb concluded: “Cyber attacks don’t just disrupt day-to-day operations; they can threaten the very survival of a business.”
