Ransomware risk resurfaces

Hiscox warned that UK SMEs are often hit by ransomware more than once and that paying ransom doesn’t guarantee systems won't need rebuilding, highlighting an operational fragility for small businesses reliant on digital bookings and payments. Repeated incidents amplify downtime and recovery costs, rather than just being a one-off IT problem. (securitybrief.asia)

A ransomware attack is the digital version of a shop owner arriving in the morning and finding every till welded shut, every booking diary locked, and a note demanding money for the key. The United Kingdom’s National Cyber Security Centre says attackers encrypt files, block access to devices, and increasingly threaten to leak stolen data as well. (ncsc.gov.uk)

Hiscox says this is landing heavily on small and medium-sized businesses in Britain, with 65% of United Kingdom firms in its 2025 survey reporting at least one cyber attack in the past year. Among attacked firms, businesses with 1 to 10 staff reported an average of four incidents, which turns “one bad day” into a repeat operating problem. (hiscox.co.uk)

Ransomware is only one slice of that, but it is an expensive one. Hiscox says 27% of businesses that suffered a cyber attack faced ransomware, and 80% of those victims paid, yet only 60% recovered all or part of their data. (insurancebusinessmag.com)

Paying also does not end the story. The National Cyber Security Centre says a victim can pay and later find the attacker never deleted the stolen data, then faces a fresh threat to publish or sell it months or even years later. (ncsc.gov.uk)

That is why a café, clinic, garage, or travel agent can lose far more than files. If bookings, card payments, payroll, or stock systems run through one compromised network, the business can still be rebuilding computers and restoring backups after the ransom demand itself is over. (ncsc.gov.uk)

The wider United Kingdom picture is uneven but still ugly. The government’s Cyber Security Breaches Survey 2025 found 43% of businesses reported some kind of cyber breach or attack in the previous 12 months, and the rate was 67% for medium-sized businesses and 74% for large ones. (gov.uk)

Phishing is still the front door for a lot of this. The same government survey found phishing was the most common attack type, hitting 85% of businesses that reported any breach, which is why one convincing fake email can become the first domino in a ransomware chain. (gov.uk)

Small firms are exposed in a very specific way: they often have fewer people, fewer spare laptops, and less room for downtime. Hiscox says 33% of affected small and medium-sized businesses faced substantial fines after a data breach, while 32% reported employee burnout and 29% reported higher customer notification costs. (insurancebusinessmag.com)

The basic defenses are not exotic. The National Cyber Security Centre says businesses should separate and protect backups, and it specifically recommends multi-factor authentication, which is the extra login check that asks for a second proof beyond a password. (ncsc.gov.uk)

The problem is that many firms still have not done the boring parts. The government’s 2025 survey found only 19% of businesses had provided cyber security training to staff in the previous 12 months, which leaves a lot of companies relying on people to spot scams without much practice. (gov.uk)

So the warning here is not that ransomware is a rare catastrophe. It is that for many small businesses, especially ones that live on digital bookings and digital payments, ransomware behaves more like a recurring outage with extortion attached. (hiscox.co.uk)
