60% of organisations would consider paying in the event of a ransomware attack

More than a third of experts perceive ransomware guidance from government and official bodies to be insufficient.

Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organisations have admitted they would shell out funds in the event of an attack, according to new research from the Neustar International Security Council (NISC). When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.

The study, which was commissioned by Neustar and run by Harris Interactive, comes just days after US meat-processing giant, JBS confirmed it had paid $11 million to the REvil ransomware gang, which locked its systems at the end of May. Earlier this month, Japanese multinational conglomerate, Fujifilm said it had refused to pay a ransom demand to the cyber gang that attacked its network in Japan, instead relying on backups to restore operations.

As a result of these recent high-profile attacks, 80 percent of cyber security professionals reported placing more emphasis on protecting against ransomware threats. When questioned about the technologies available to help them do so, the majority (74%) of respondents found current solutions to be either ‘very’ or ‘somewhat’ sufficient in detecting, preventing, and mitigating attacks. A quarter (26%), however, perceived the technologies available to be ‘somewhat’ or ‘very’ insufficient.

Rodney Joffe, NISC Chairman, SVP and Fellow at Neustar commented: “Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts especially if they see that companies are willing to pay. This spiral upwards must be stopped. The better alternative is to invest proactively in mitigation strategies before the attacks, including the use of qualified providers of “always-on” monitoring and filtering of traffic as part of a layered security approach.”

On high alert

During March and April, 69% of respondents perceived ransomware as an increasing threat to their organisation, marking their top concern across more than a dozen threat vectors and representing a 16% spike in the average survey response over a two-year period.

This escalated concern followed a warning from the National Cyber Security Centre (NCSC) in March in response to the number of ransomware attacks being carried out on the UK education sector. Since the beginning of the year, multiple schools, colleges and universities have become victims.

One attack against Redborne Upper School and Community College in Bedfordshire even saw pupil’s coursework destroyed, as servers were left unreadable resulting in the loss of a significant amount of data. The school said the attack was likely to cause long-term disruption.

“With less than three in ten (28%) cybersecurity professionals feeling very confident that all members of their organisation know the appropriate measures to take in the event of a ransomware attack, it’s no surprise that the level of concern is rising,” Joffe continued. “Given that more than a third (35%) also perceive guidance from government/official bodies to be insufficient it’s essential that organisations take matters into their own hands and educate all their employees on best practice cybersecurity processes.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.