Looking at ransomware in recruitment – what are your risks?

"Ransomware is a significant threat facing the UK that businesses should take seriously." That's the warning recently issued by the National Cyber Security Centre (NCSC) CEO.1 The number of attacks has grown enormously since this form of cybercrime first attracted widespread attention in 2017 when WannaCry spread to more than 150 countries in a worldwide ransomware outbreak— the most significant cyber-attack to have hit the NHS to date.2

Since then, the pandemic has increased the vulnerabilities of many organisations, with staff working at home and often using personal devices. The risks continue to grow, with attacks doubling in a year, leaving every industry under threat, including recruitment.3

What is ransomware?

Ransomware is malicious software (malware) used by cybercriminals. A ransomware attack happens when hackers penetrate systems, encrypt data and demand a ransom for the decryption key and access to the data again. Hackers may also claim to have stolen confidential data and threaten to publish it unless a ransom is paid.

The impact of these attacks can be significant. Lack of access to computer systems impacts every aspect of day-to-day recruitment operations. As well as harming productivity and revenue, these attacks also destroy computer systems and damage reputations. Costs such as business downtime, lost orders and operational costs grew from an average of $761,106 (£578,440) in 2020 to $1.85 million (£1.36 million) in 2021, making the average cost of recovering from a ransomware attack ten times the size of the ransom payment.4

To add to this, if the attack results in a leak of personal information, which may be a heightened risk for recruitment firms, further significant costs can follow, from the expense of dealing with the breach to hefty General Data Protection Act (GDPR) fines.5

Ransomware in recruitment

Between July and December 2021, the Information Commissioner's Office (ICO) recorded 1,345 "cybersecurity incidents", including ransomware attacks. According to the ICO data, this represented an increase of nearly 20% on the same period in 2019.6

Several recruitment companies have reported severe incidents recently. In September 2021, administrative staffing agency Career Group suffered a ransomware attack that leaked personal data, affecting 49,476 individuals.7 Then, in December 2021, Finite Recruitment fell victim to a ransomware attack during which cybercriminals claimed to have stolen over 300Gb of data, including customer databases, contracts and financial data.8

Because of the potential consequences of being caught out and the risk recruitment firms face, it is critical to understand how ransomware works and take steps to defend against attacks.

How ransomware works

Accessing computer systems

Hackers — or cybercriminals — will start by targeting your organisation using various techniques to access computer systems. This could be using a traditional 'hack' exploiting security gaps, chat messages, removable Universal Serial Bus (USB) pen-drives or browser plugins. The most common method is a phishing email campaign designed to trick employees into clicking on links or downloading attachments.

Encrypting your data

With access to your computer systems, attackers will install malicious software (malware). This malware spreads across your network, encrypting files, locking down networks, disrupting your business, and potentially stealing large quantities of data; it essentially holds your files and data hostage, wreaking havoc on a vast scale.


Once this software is in your system, you won't be able to decrypt your files without a key known only to the attacker. The ransomware will then display a message explaining that files can only be accessed in exchange for paying a ransom to the attackers—commonly in bitcoin.

Five ways to protect your recruitment business from ransomware

Prevention is always better than cure when it comes to potential business risks. However, while no organisation can ever be completely free from the threat of ransomware, there are some simple steps you can take to reduce the risk:

1. Vigilant staff

Ensure staff have completed cyber-security awareness training and run simulated phishing email campaigns to help employees recognise attacks.

2. Complete regular backups

It's important to schedule regular backups properly to prevent malware from spreading and infecting your systems. Follow the 3-2-1 backup rule:

  • three copies of your data
  • two different backup formats
  • one backup stored offsite and offline.9
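
The 3-2-1 rule above can be checked against a simple inventory of your backup copies. The Python below is an added example, not code from this article's author or the NCSC; the inventory entries, the field names and the seven-day freshness limit are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    name: str
    fmt: str          # storage format/medium, e.g. "nas-disk", "cloud-object"
    offsite: bool     # kept away from the main premises
    offline: bool     # not reachable from the production network
    taken: datetime   # when this copy was last refreshed

def audit_3_2_1(copies, now, max_age=timedelta(days=7)):
    """Return findings against the 3-2-1 rule; an empty list means it is met.
    max_age is an assumed freshness limit, not part of the rule itself."""
    fresh = [c for c in copies if now - c.taken <= max_age]
    stale = [c.name for c in copies if now - c.taken > max_age]
    findings = []
    if stale:
        findings.append("stale, not counted: " + ", ".join(stale))
    if len(fresh) < 3:
        findings.append(f"{len(fresh)} current copies, need 3")
    if len({c.fmt for c in fresh}) < 2:
        findings.append("fewer than 2 backup formats")
    # The same copy must be offsite AND offline: a synced cloud folder is
    # offsite but stays reachable, so ransomware can encrypt it too.
    if not any(c.offsite and c.offline for c in fresh):
        findings.append("no current copy is both offsite and offline")
    return findings

# Constructed sample inventory (the live data counts as copy one).
NOW = datetime(2022, 3, 14, 9, 0)
SAMPLE = [
    BackupCopy("live file server", "server-disk", False, False, NOW),
    BackupCopy("nightly NAS", "nas-disk", False, False, NOW - timedelta(hours=10)),
    BackupCopy("cloud sync", "cloud-object", True, False, NOW - timedelta(days=1)),
    BackupCopy("rotated USB drive", "usb-disk", True, True, NOW - timedelta(days=30)),
]
# Same inventory after the USB drive is refreshed and taken offsite again.
FIXED = SAMPLE[:3] + [replace(SAMPLE[3], taken=NOW - timedelta(days=2))]

if __name__ == "__main__":
    for label, inventory in (("before", SAMPLE), ("after", FIXED)):
        print(label, audit_3_2_1(inventory, NOW) or "3-2-1 rule met")
```

The sample fails even though four copies exist: the only offline copy is a month old, and the cloud copy is offsite but still connected.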

3. Secure remote desktop ports

Remote desktop ports that allow access to a computer from a remote location can present opportunities for cybercriminals. To minimise this risk, close down remote desktop ports on all devices. If that's not possible, ensure that access is controlled by multi-factor authentication.

4. Two-stage security access

To make it difficult for attackers to gain unauthorised remote access to your systems, always require a password and a second security element when allowing any remote connection to your network or business application. This second element could be a security code delivered to a registered mobile device.

5. Antivirus

Patches are quick updates designed to fix or improve a piece of software's functionality. They're often deployed to shore up security vulnerabilities quickly. It is essential to install patches as soon as they are available, so make sure automatic patching of your operating system and internet browsers is enabled. Similarly, stay on top of antivirus software updates; they're often released in response to new and emerging threats that can go unnoticed if the antivirus software is out-of-date.

There's more advice on preparing your organisation for potential malware and ransomware attacks on the NCSC website.11

Ransomware and the role of cyber liability insurance

The reality is ransomware works. Cybercriminals are making good money from it and, as a result, their approaches are becoming more sophisticated. That means no organisation can be complacent regarding cybersecurity; it is also essential to minimise the impact if the worst should happen.

Cyber liability insurance can provide invaluable peace of mind, comprehensive cover and access to a team of specialists should your organisation become a victim of ransomware.

Our team is experienced in dealing with cyber risks and protecting against them. We'll arrange the right cyber liability policy for your organisation that covers liabilities across media, data security, viruses and hacking and help with the cost of computer systems restoration, customer notification, credit monitoring and legal fees when necessary.

We’re here to help you manage your cyber liabilities. That’s why we’re For The People.

For more information, please get in touch.



1. https://www.ncsc.gov.uk/news/rusi-lecture
2. https://www.bbc.co.uk/news/technology-41753022
3. https://www.theguardian.com/uk-news/2021/oct/25/ransomware-attacks-in-uk-have-doubled-in-a-year-says-gchq-boss
4. https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year
5. https://www.itgovernance.co.uk/dpa-and-gdpr-penalties
6. https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat
9. https://www.datto.com/blog/backup-strategy-what-is-the-3-2-1-backup-rule
10. https://heimdalsecurity.com/blog/what-is-a-software-patch/
11. https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

Peter Stoll
A director of the Marsh Commercial Manchester branch, Peter Stoll ACII, also heads up the recruitment division. With 35 years’ experience of delivering bespoke insurance solutions for recruiters, Peter has developed a wealth of knowledge of the sectors’ insurance demands and needs.