Ransomware is no longer just a nuisance – it has evolved into a strategic, headline-grabbing threat. UK businesses are now losing an estimated £64 billion annually to cyber-attacks, attributed to ransom payments, downtime, and lost revenue. The barrier to entry has dropped significantly, with ransomware-as-a-service making sophisticated attacks accessible even to low-skilled criminals.
AI is working as a superpower for threat actors, enabling them to generate convincing phishing emails and adaptive malware that evades detection. Even more alarming is the rise of agentic AI – autonomous systems capable of evolving ransomware independently, accelerating both the speed and sophistication of attacks. With incidents up 126% in the first quarter of 2025 alone, Anti-Ransomware Day highlights the urgent need for cyber resilience as a long-term, proactive strategy.
A Proactive, Not Reactive, Approach
A proactive mindset is key to preventing cyber-attacks, and being prepared for them is essential. Darren Thomson, Field CTO EMEAI at Commvault, notes that recovery takes 24 days on average, but some organisations don’t resume normal operations for over 200 days due to poor preparation. Knowing your “Minimum Viable Company” (MVC) is the foundation of resilience.
Glenn Akester, Technology Director at Node4, emphasises that cyber resilience depends on fundamental practices like strong patching policies and endpoint protection. Backups remain the last line of defence but must be secure by design – immutable, segregated from live systems, and regularly tested.
Thomson highlights the use of cleanroom environments to secure backups and reduce recovery time. Extending protections through the entire supply chain is vital, with Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, advocating for zero trust principles and strong controls with all suppliers.
Making Cybersecurity Everyone’s Responsibility
Cyber-attacks are often mistaken as a “victimless crime,” but Thomson reminds us that individuals must take responsibility for their cybersecurity. Practical measures like secure password managers and avoiding public Wi-Fi without a VPN are essential.
With cybersecurity ranking low on priority lists for many business leaders, Akester argues for a trickle-down approach, where prioritising security at the C-suite level promotes awareness throughout the organisation.
A Moment To Pause, Not Panic
With AI supercharging threats, organisations cannot rely on outdated policies. As Akester concludes, resilience must be designed, tested, and maintained. This Anti-Ransomware Day is an opportunity to make cybersecurity a priority for everyone.
Key Points
- UK businesses lose an estimated £64 billion annually to cyber-attacks.
- Ransomware-as-a-service is lowering the barrier to sophisticated attacks.
- AI enhances the capabilities of ransomware, including adaptive malware and phishing tactics.
- A proactive approach is essential for cyber resilience, focusing on recovery preparedness.
- Organisations need to ensure backups are secure, immutable, and regularly tested.
- Cyber resilience should be a collective responsibility across all levels, not just the IT department.
Why should I read this?
If you’re keen on understanding why ransomware is a massive concern today, this article dives into the facts and figures that make it crucial reading. It’s not just a tech issue; it’s a pressing reality for every business and individual in our increasingly digital world. Don’t just catch up—stay ahead of the curve and make cybersecurity everyone’s business!