Ransomware attacks inflict lasting damage on companies, according to a research paper by cybersecurity company Sophos, and suffering a major attack can make an organization more likely to be attacked again because criminals identify it as an easy target. Once attacked, IT and information security staff lose confidence, a downward spiral that soon extends to business leadership. Computer misuse crime can have a similar impact to crimes like burglary, and in some cases worse, says Professor Mark Button, director of the Centre for Counter Fraud Studies at the University of Portsmouth. Many victims reported psychological impacts such as anger, and anxiety, heightened by the fact that criminal convictions are rare, leading to disinterest by law enforcement. Of 52 cases studied, only four led to a conviction and only 13 received some form of police response such as a telephone call, a visit or other communication. More than one third of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge in respect to cybersecurity, compared with 19 percent of those that hadn’t been hit. The report says that almost a third of companies hit with ransomware have five or more third-party suppliers directly connected to their network, so having suppliers monitor the supply chain could have a dramatic effect on preventing ransomware and other kinds of cyber attacks.