Last June, we decided to take a look at how prepared British businesses were in case of a ransomware attack. Some of the findings were surprising. For example, many organisations were already stockpiling digital currency in case of attack. A year on and one WannaCry later, how are things looking?

Our latest research, published to coincide with Infosecurity Europe 2017, shows that large British businesses are now prepared to pay out an average of £136,235.44 to regain access to important intellectual property or business critical data. This means that the average amount companies are willing to pay out has increased by 361%, from the £29,544 figure highlighted in last year’s research.

The research – commissioned by Citrix UK and carried out by One Poll – quizzed 500 IT decision makers in companies with 250 or more employees across the UK to glean further insights into their strategies to defend against ransomware attacks.

Banking on bitcoin

The poll also revealed that more UK companies are now building a ready stockpile of digital currency (for example, Bitcoin) in case of a ransomware attack — rising from 33% in 2016 to 42% now. In fact, the research has revealed that large UK businesses stockpile an average of 23 bitcoins in case they are suddenly hit by an attack. Almost one in three (28%) keep more than 30 bitcoins on standby — providing them with the equivalent of over £50,000 (accurate as of June 5, 2017) in cryptocurrency in preparation.

The decision to stockpile digital currency reflects a widespread attitude that paying a ransom may be necessary. Just one fifth (22%) of businesses are not prepared to pay anything when struck with a ransomware attack — a reduction from 25% last year.

The mid-market crypto-fightback

Smaller companies are still more likely to keep a ready supply of cryptocurrency, such as Bitcoin, than larger businesses:

  • 50% of businesses with 250-500 employees are stockpiling digital currency now while only one in three (36%) of these businesses were doing the same this time last year
  • In comparison, large businesses with 1,000+ employees have not embraced this shift towards accumulating cryptocurrency – as in 2016, just a quarter (24%) of these businesses are taking this approach

Be prepared or pay out

The 2016 research revealed that one fifth (20%) of companies with 250-500 employees did not have any contingency measures in place in case of a ransomware attack; however, this has fallen to just 7% in 2017.

While many businesses are preparing to block ransomware attacks or pay out if hit, others are missing out on simple cyber hygiene procedures that can limit the impact of a ransomware attack. For instance, over half of large British businesses (55%) still don’t back data up at least once a day.

As we’ve recently witnessed, cybercriminals employ ransomware to exploit the vulnerabilities that exist within British organisations. Many businesses are still being caught out. Organisations must ensure they’re prepared for this very real threat. They must take positive steps to safeguard the IT network, and to protect mission-critical data.

Stockpiling digital currency against a potential ransom may feel like insurance. It isn‘t. There is no guarantee that data will be returned even when a ransom has been paid, and no recourse. Organisations need to reduce the chances of falling prey to ransomware in the first place, by having a contingency plan and sticking to it.

Organisations should also review their technology portfolio.  Proven effective technology, from encryption to virtualisation can keep data and apps safe across all devices and desktops – and out of reach of today’s persistent cyber attackers.


Citrix commissioned One Poll to conduct an online survey of 500 IT decision makers at companies across the UK with 250 or more employees between 22nd May and 26th May 2017.

This follows an online survey – commissioned by Citrix and carried out by Censuswide – of 250 IT and security specialists in UK companies with 250+ employees which took place between 19th May and 24th May 2016.

To read more about the state of IT security architecture in the UK, you can download this whitepaper, produced in association with the Ponemon Institute, as well as “Ransomware: Four Ways to Protect Data Now.”