How many companies would pay a ransom if they were attacked by ransomware? According to a recent survey, it may depend on whether the organization has already been the victim of a ransomware attack.
The Radware 2016 Executive Application and Network Security Survey found that 84 percent of U.S. and U.K. information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom, but among firms that had been attacked, almost half (43 percent) paid the ransom.
For the survey, Merrill Research polled 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom.
The survey findings also indicated that among U.S. firms that had not been attacked, 23 percent said they were prepared to pay a ransom, in contrast to 9 percent of IT executives in the U.K. Companies that paid ransoms reported an average payment of $7,500 in the U.S. and £22,000 in the U.K.
The survey results also indicated that companies see telecommuting as a security risk, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.
While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of endpoints potentially vulnerable. However, the survey results indicate that wearables aren’t seen as a major target: only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.
The survey also found that many IT executives surveyed think the Internet of Things (IoT) could become a major security problem. “Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent,” the survey authors wrote.
And, looking at the financial costs of a cyberattack, more than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5 percent said they spent more than $10 million. Costs in the U.K. were generally lower, with 63 percent saying an attack had cost less than £351,245 or about $500,000, though 6 percent claimed costs above £7 million.
Cyberattacks also impose other costs on victims, including significant reputational and operational costs. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent).
Increasingly, IT executives are also looking to so-called ethical hackers, or white hat hackers, to help strengthen their cyber defenses. “Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, ‘Nothing beats a poacher turned gamekeeper,’” the survey authors wrote.
“This is a harbinger of the challenging decisions IT executives will face in the security arena,” Carl Herberger, Radware’s vice president of security solutions, said in a statement. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”