"Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more," the report quoted OTA executive director Craig Spiezle as saying. "Cyber-surge pricing of corporate data is becoming widespread, increasing the impact and costs for businesses and their employees worldwide."
Coping with the open-ended risks of such attacks would probably mean that cyber-insurance was going to increase in popularity as a way or rationalising uncertainty over costs.
UK organisations reel under ransomware and DDoS surge - HSBC's latest DDoS
After a record year for high-profile DDoS attacks in 2015, only days ago UK bank HSBC suffered one severe enough to disrupt customer account access, about as bad as it gets for a bank. That a DDoS attack could cause that sort of issue is astonishing given the size of the bank's systems and the sink-holing it will have in place to mitigate such events. The institution did not explain the motive behind the attack but a ransom demand remains a possibility as does using it to act as a smokescreen for deeper incursions into the bank's systems.
It's not even the first such attack to hit the company and its customers after a similar one in 2012.
According to recent numbers from security firm Imperva, network-based DDoS attacks on the UK spiked significantly during 2015, and rose almost a quarter between the third and fourth quarter of the year. The MO is also shifting towards very high-throughput attacks based on short bursts, enough to cause problems for on-demand mitigation services. The firm describes this technique as akin to a war of attrition.
Is the UK coming in for special treatment? It is now among an unfortunate top group in terms of being on the receiving end of DDoS attacks, whether motivated by ransom demands or not.
"The United Kingdom has a strong online business community and strong Internet infrastructure, which enables the execution of large scale attacks. The combination of both is the reason why recently we see more and more reports against UK-based businesses and more concern about DDoS attacks from local business and government sectors, including recent high-profile arrests of alleged DD4BC and LizardSquad members," Igal Zeifman, senior digital strategist at Imperva, told Computerworld UK.
"The quarter-on-quarter increase is an opportunity to highlight the fact that UK has one of the most frequently targeted online business communities.
"I think the increase is too substantial to be related to the activity of any individual extortionist group or hacker organisation. Rather, I would relate it to an increased adoption of DDoS-for-hire services by non-professional perpetrators, who are likely using them in DDoS extortion campaigns," he added.
Sign up for CIO Asia eNewsletters.