Companies more disposed to pay ransomware attacks
16 February 2016 | 0
A quarter of companies have made their mind up when it comes to a ransomware attack — they are paying the ransom, according to a new study.
Twenty-four percent of companies say they would pay. And not only would they cough-up the money, but 14% of the polled would pay $1 million or more to prevent the attack, according to findings by the Cloud Security Alliance (CSA) and Skyhigh, who have compiled the study. The CSA is a non-profit promoting best-practices in cloud use; Skyhigh is a cloud security company.
The CSA surveyed 200 IT and security professionals across sectors worldwide. The researchers have been examining cloud take-up along with risk. They think that cyberattacks overall are a concern for enterprises “when it comes to moving their systems of record to the cloud,” CSA and Skyhigh say in their report.
Systems of record data includes CRM management, accounting, and so on. Skyhigh thinks this genre of enterprise data will be the next major transition to the cloud.
Cybersecurity Insurance is an option to mitigate cybercrime, the report says. “Many cyber insurance plans now offer the option of cyber ransom coverage” too, says the report.
And that availability of insurance has something to do with the numbers of professionals who say they would pay in a ransomware attack, say the study’s authors.
Cyber insurance can pay out if the company hands over the demanded money. And there is a correlation “with whether the company has cyber insurance,” and if they would pay, the study found.
The researchers reckon that companies who didn’t have the insurance are less likely to pay out. But not by much.
It might be a good idea, however, to check with the insurer before actually filling a bag with used green-backs and handing it over in some dark alley.
Target, in its 2013 (non-ransomware) credit card terminal data breach, only got $90 million in insurance payments for an attack that cost it $264 million, according to the authors of this study.
Companies are concerned about a gamut of problems in an attack, not just data loss.
The 200 respondents were most concerned about lost reputation and trust, the study found. Financial loss was the second most concerning issue. That was followed by worries related to data loss and destruction of data. Intellectual property issues and data manipulation rounded out the concerns.
Not just cloud
To cloud or not to cloud? It’s worth noting that the majority of physical PCs in the workplace were hit by a malware attempt in 2015, security outfit Kaspersky says. And indeed only 35% of the IT leaders polled in the study think cloud is less secure than “on-premises counterparts,” Skyhigh says on its web site.
IDG News Service