Ransomware is one of the greatest threats faced by businesses today, irrespective of sector, with attacks now commonly taking the form of wither data encryption or data exfiltration coupled with ransom demands. Data subject litigation following on from a cyber-incident is also significantly on the rise. Phishing emails are still a prominent root cause of cyber-attacks, although there has been a slight decrease in our cases from 32% in 2020 to 25% in 2021. We continue to see phishing emails being used where the end goal is to extract data and deliver malware to encrypt systems as a precursor to demanding a ransom payment. However, phishing emails are also the initial point of intrusion for other forms of cyber-attack, including the perpetration of further phishing campaigns or payment diversion fraud attempts. As ever, being as prepared as possible for a cyber-attack is of critical importance. From having well-rehearsed incident response and business recovery plans in place, to ensuring that IT security is taken seriously, with senior stakeholder involvement and accountability, are critical. The consequences for an unprepared organisation can be devastating

Open Publication