The number of ransomware attacks in 2021 on US companies could end up being as high as 100,000 according to former CEO of Cisco Systems John Chambers.
According to Chambers, US companies are expected to endure over 65,000 ransomware attacks this year, an estimate he noted was conservative, with the ultimate figure possibly being as high as 100,000.
He stressed that cybersecurity is now one of the top three issues facing corporate boardrooms.
“Only six years ago [at the World Economic Forum in 2015] I said there are only two types of companies in the world—those that have been hacked and those that don’t know they’ve been hacked—and it was like a major statement of surprise,” Chambers said. “Yet today we understand how this is going to come at every company.”
His comments come in a week in which US President Joe Biden and Russian President Vladimir Putin agreed to begin cybersecurity and arms control talks at a summit that highlighted their discord on those issues.
In their first meeting since he took office in January, Biden asked Putin how he would feel if a ransomware attack hit Russia’s oil network, a pointed question referring to the May shutdown of a pipeline that caused disruptions and panic-buying along the US East Coast.
While Biden stressed that he did not make threats during the three-hour meeting, he said he outlined US interests, including cybersecurity, and made clear to Putin that the United States would respond if Russia infringed on those concerns.
The Colonial Pipeline ransomware attack is perhaps the most high profile of a spate of recent cyber-attacks which have hit the headlines in recent weeks, with other targets including meat producer JBS; Toshiba; Axa Insurance; CNA Insurance; and the Irish Health Service.
In the case of Colonial Pipeline significant disruption was suffered by the US East coast energy infrastructure network, and Colonial ended up paying a $4.4 million ransom. However, reports have suggested that with the help of US federal agencies $2.3 million of the cryptocurrency demand was subsequently recouped.
Somewhat unsurprisingly, as the severity and frequency of the attacks increase, the cost of cyber insurance is climbing rapidly. From the start of April to mid-May, premiums jumped 27% from last year’s levels, according to the latest like-for-like data from Aon.
At the same time, however, capacity appears to be shrinking. A recent survey by US trade body The Council of Insurance Agents and Brokers found that 73% of its members reported a decrease in underwriters’ capacity to assume cyber risks in the first quarter of the year.
And organisations that that pay up after a ransomware attack are finding that this policy is not necessarily a good one, with recent research indicating they incur a higher probability of a second attack.
The research from security specialist Cybereason examined the short and long-term effects of ransomware in a survey of 1,263 cyber security professionals from the US, the UK, Spain, Germany, France, the UAE and Singapore.
One of the most significant findings was that 80% of organisations that paid a ransom demand experienced a second attack.
To make matters worse, of those who experienced a repeat ransomware attack, nearly half believed it was at the hands of the same attackers, while 34% thought the second attack was perpetrated by a different set of threat actors.
Additionally, payment does not guarantee that operations will go back to normal. Of those surveyed, 46% regained access to their data, but some or all of it was corrupted. And 25% of respondents said a ransomware attack led to their organisation closing down.
Follow us on twitter: @RisksEmerging