International

UK businesses face rising ransomware threats amid resilience gap and insurance challenges

Tuesday, 30 September 2025 4:06AM UTC

A recent report reveals escalating ransomware attacks targeting UK firms, exposing vulnerabilities especially among SMEs, while larger companies improve their defence—highlighting a growing need for comprehensive cyber resilience strategies.

The latest insights from the insurance sector reveal a troubling trend in ransomware attacks targeting businesses, particularly small and medium-sized enterprises (SMEs). According to a report from business-to-home insurer Hiscox, an overwhelming 80% of companies hit by ransomware over the past year chose to pay the ransom demanded by cybercriminals. However, paying up does not guarantee a full recovery: only 60% of those who paid were able to retrieve all or part of their stolen data, and nearly a third faced subsequent demands for additional payments.

Hiscox’s Cyber Readiness Report highlights the wide-reaching impact of cyber attacks, noting that nearly 60% of surveyed companies experienced some form of cyber intrusion within the last 12 months. Many of these firms cited vulnerabilities related to artificial intelligence technologies as a key factor in their susceptibility. Beyond operational disruption, companies also suffer reputational damage and financial penalties, often struggling to attract or retain customers after an attack.

Eddie Lamb, global head of cyber at Hiscox, emphasised the critical threat such attacks pose to the survival of businesses. He warned that the financial fallout—from hefty fines to lost revenue—can push firms to the brink, while the stress of recovery efforts affects staff morale and wellbeing. Lamb also noted a shift in cybercriminal tactics towards stealing valuable business data such as contracts, executive communications, financial records, and intellectual property. This data is considered easier to monetise than personal information, with hackers leveraging the threat of public exposure as further leverage.

Recent high-profile attacks reinforce these concerns. Jaguar Land Rover (JLR), for instance, suffered a ransomware attack that contributed to an estimated £200 million in lost production costs. The UK government granted JLR a £1.5 billion loan guarantee to protect its extensive supply chain—including many SMEs at risk of shutdowns lasting several weeks—from severe financial damage. JLR reportedly was finalising a cyber insurance policy at the time of the attack, underscoring the growing recognition of cyber risk among large employers. Cyber insurance, however, remains costly; premiums for coverage covering large-scale losses often run into millions of pounds, placing full protection beyond the reach of many companies.

The insurance market is responding with growth in cyber coverage availability, spurred by publicised disruptions at major firms like Marks and Spencer (M&S) and heightened awareness of cyber preparedness. M&S estimated a £300 million loss from its ransomware incident earlier this year but expects to reclaim most of that sum through insurance. The Hiscox report noted that companies must strike a balance between investment in preventive technologies and realistic cyber risk management to protect operations and reputation.

Despite these troubling figures from SMEs, there is a contrasting trend among larger enterprises in the UK. Recent data from 2025 shows a significant decline in ransom payments among UK enterprises, with only 17% paying up—the lowest rate on record. This shift is attributed to improved cyber resilience, including widespread use of air-gapped and immutable backups, enabling many organisations to thwart data encryption attempts before critical damage occurs. This indicates a move towards greater preparedness and resistance against ransomware attacks within some segments of the market.

The risks posed by ransomware are not confined to industry alone. Just last week, a ransomware gang targeted Kido International, a childcare provider operating 18 nurseries in Greater London, stealing and threatening to expose sensitive personal data of over 8,000 children. This alarming incident highlights the broader societal implications of cybercrime, particularly concerning vulnerable groups, and underscores the urgency for more robust data protection measures across sectors.

On a national level, the UK is facing an increasingly hostile cyber threat environment. According to the National Cyber Security Centre (NCSC), cyber incidents rose by 16% in 2024, with a notable increase in sophisticated data exfiltration and ransomware attacks. The NCSC reported issuing over 500 warnings to organisations on mitigating these threats, reflecting the scale and intensity of the challenge. Law enforcement efforts are ongoing, exemplified by the recent arrest of a suspect linked to a ransomware attack that disrupted airport systems across Europe, although investigations remain at an early stage.

Overall, the evolving cyber threat landscape underscores the need for comprehensive strategies combining prevention, rapid response, and resilient recovery frameworks. While some firms, particularly larger enterprises, are beginning to resist ransomware demands through improved defences, many smaller businesses continue to face difficult choices amid financial pressures—a reality that suggests cyber insurance, stronger security protocols, and widespread cyber education remain critical components in combating this pervasive threat.

📌 Reference Map:

Paragraph 1 – ^[1], ^[7]
Paragraph 2 – ^[1], ^[2]
Paragraph 3 – ^[1], ^[2]
Paragraph 4 – ^[1]
Paragraph 5 – ^[1], ^[2]
Paragraph 6 – ^[3]
Paragraph 7 – ^[4]
Paragraph 8 – ^[6], ^[5]
Paragraph 9 – ^[1], ^[3], ^[4], ^[6]

Source: Noah Wire Services

More on this

https://motorsport.manxradio.com/news/uk-news/cyber-attacks-80-of-ransomware-victims-pay-up-insurer-says/ - Please view link - unable to able to access data
https://www.hiscoxgroup.com/blog/hiscox/hiscox-cyber-readiness-report-2024 - The Hiscox Cyber Readiness Report 2024 reveals that 67% of organisations experienced an increase in cyber incidents over the past year. The report highlights challenges in balancing technological advancement with robust cyber risk management to protect operations and reputations. Key findings include difficulties in attracting new customers post-attack, loss of existing customers, and negative publicity. The study underscores the importance of continuous cyber education and awareness across all organisational levels to maintain security.
https://www.itpro.com/business/business-strategy/ransomware-victims-are-refusing-to-play-ball-with-hackers-just-17-percent-of-enterprises-have-paid-up-so-far-in-2025-marking-an-all-time-low - In 2025, only 17% of UK enterprises targeted by ransomware attacks chose to pay the ransom, marking the lowest rate on record. This significant decline from previous years is attributed to improved preparedness and backup strategies. Notably, 72% of businesses now use air-gapped backups, and 59% use immutable backups. The shift reflects a broader trend towards resilience and resistance in the face of ransomware threats, with enhanced defences enabling 44% of companies to stop attacks before any data encryption occurred.
https://www.reuters.com/world/uk/london-nurseries-hit-by-hackers-data-8000-children-stolen-2025-09-26/ - A ransomware group known as Radiant hacked Kido International, a childcare provider operating 18 nurseries in Greater London, stealing personal data on over 8,000 children. The cybercriminals published names, photos, home addresses, and family contact information of 10 children to prove their breach and threatened to release additional data on 30 more children and 100 employees. This incident is among several major cyberattacks in the UK this year, raising serious concerns about child safety and data privacy.
https://www.reuters.com/business/aerospace-defense/uk-police-arrest-man-over-cyber-attack-that-affected-european-airports-2025-09-24/ - British police arrested a man in his 40s in connection with a ransomware attack on Collins Aerospace, a subsidiary of RTX, that disrupted airport check-in systems across Europe. The man was detained under the Computer Misuse Act and released on conditional bail. The National Crime Agency (NCA) emphasized that the investigation is still in its early stages. The specific group responsible for the cyberattack has not been identified, and no claims of responsibility have appeared on dark web leak sites monitored by cybersecurity experts.
https://www.reuters.com/technology/cybersecurity/uk-facing-increased-hostile-activity-cyberspace-security-official-warns-2024-12-03/ - Britain's cyber security chief, Richard Horne, has issued a warning about the rising hostile activities within the UK's cyberspace. The National Cyber Security Centre (NCSC) reported a 16% increase in incidents, with 430 cases in 2024 compared to 371 in the previous year. These incidents have become more frequent, sophisticated, and intense, with 347 involving data exfiltration and 20 involving ransomware. The NCSC, a part of GCHQ, also highlighted the issuance of 542 notifications to organisations, advising them on how to mitigate these threats.
https://www.hiscoxgroup.com/news/press-releases/2022/08-11-22 - Over a third (36%) of companies who paid a ransom to cyber criminals went on to be targeted for a second time, according to the latest Cyber Readiness Report released by specialist insurer Hiscox. In addition, more than four in 10 (41%) of those that paid ransom demands to cyber criminals failed to recover all their data. The Hiscox Cyber Readiness Report, which is based on the views of over 5,000 organisations of all sizes across eight countries, found the industries that were forced to pay a ransom were those with ‘just-in-time’ supply chains: food and drink (62%), manufacturing (51%) and leisure (50%).

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative references the Hiscox Cyber Readiness Report 2024, published on 24 October 2024 ([hiscoxgroup.com](https://www.hiscoxgroup.com/blog/hiscox/hiscox-cyber-readiness-report-2024?utm_source=openai)). The article was published on 30 September 2025, indicating a freshness of approximately 11 months. The report is accessible on Hiscox's official website, suggesting the content is not recycled from low-quality sites or clickbait networks. The article includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged.

Quotes check

Score: 9

Notes: The article includes direct quotes from Eddie Lamb, global head of cyber at Hiscox. These quotes are consistent with those found in the Hiscox Cyber Readiness Report 2024 ([hiscoxgroup.com](https://www.hiscoxgroup.com/blog/hiscox/hiscox-cyber-readiness-report-2024?utm_source=openai)). No earlier usage of these quotes was found, indicating they are original to this report.

Source reliability

Score: 9

Notes: The narrative originates from a reputable organisation, Hiscox, a global specialist insurer. The Hiscox Cyber Readiness Report 2024 is accessible on Hiscox's official website ([hiscoxgroup.com](https://www.hiscoxgroup.com/blog/hiscox/hiscox-cyber-readiness-report-2024?utm_source=openai)), indicating the content is not from an obscure or unverifiable source.

Plausability check

Score: 8

Notes: The claims in the narrative align with the findings of the Hiscox Cyber Readiness Report 2024, which indicates that 80% of companies hit by ransomware over the past year chose to pay the ransom demanded by cybercriminals ([hiscoxgroup.com](https://www.hiscoxgroup.com/blog/hiscox/hiscox-cyber-readiness-report-2024?utm_source=openai)). The article also references recent high-profile attacks, such as those on Jaguar Land Rover and Marks and Spencer, which are consistent with known incidents. The narrative lacks specific factual anchors, such as exact dates for the attacks mentioned, which could reduce the score and flag it as potentially synthetic.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is based on the Hiscox Cyber Readiness Report 2024, published on 24 October 2024, indicating a freshness of approximately 11 months. The article includes direct quotes from Eddie Lamb, global head of cyber at Hiscox, which are consistent with those found in the report. The content originates from a reputable organisation, Hiscox, and aligns with known incidents, such as the ransomware attacks on Jaguar Land Rover and Marks and Spencer. However, the narrative lacks specific factual anchors, such as exact dates for the attacks mentioned, which could reduce the score and flag it as potentially synthetic.

Cybersecurity
Ransomware
Insurance