60 percent of organizations would consider paying in the event of a ransomware attack
- Published: Friday, 18 June 2021 09:27
Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would make a payment in the event of a successful ransomware attack according to new research from the Neustar International Security Council (NISC). When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.
The study, which was commissioned by Neustar and run by Harris Interactive, comes just days after US meat-processing giant, JBS confirmed it had paid $11 million to the REvil ransomware gang, which locked its systems at the end of May. Earlier this month, Japanese multinational conglomerate, Fujifilm said it had refused to pay a ransom demand to the cyber gang that attacked its network in Japan, instead relying on backups to restore operations.
As a result of these recent high-profile attacks, 80 percent of cyber security professionals reported placing more emphasis on protecting against ransomware threats. When questioned about the technologies available to help them do so, the majority (74 percent) of respondents found current solutions to be either ‘very’ or ‘somewhat’ sufficient in detecting, preventing, and mitigating attacks.
Rodney Joffe, NISC Chairman, SVP and Fellow at Neustar commented: “Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts especially if they see that companies are willing to pay. This spiral upwards must be stopped. The better alternative is to invest proactively in mitigation strategies before the attacks, including the use of qualified providers of ‘always-on’ monitoring and filtering of traffic as part of a layered security approach.”
Survey participants in May 2021 comprise 304 professionals across six EMEA and US markets. All are in senior positions within their organizations and able to provide informed opinions about cyber security issues, how these are impacting their enterprise and the wider business community.