Three in five (60%) organizations would consider paying an extortion demand in the event of a ransomware attack, according to a new study by the Neustar International Security Council (NISC).
The research also revealed that one in five businesses would be prepared to spend 20% or more of their annual revenue to restore their systems in these situations.
The findings have come amid a surge in high-profile ransomware incidents in recent months, many of which have resulted in substantial payouts to the perpetrators. For example, just last week, meat processing company JBS confirmed it paid its extorters $11bn. In contrast, last month it was reported that Colonial Pipeline paid out $4.4m after attackers knocked the US’ largest fuel pipeline offline. In the latter case, the US Department of Justice was able to seize the majority of funds paid to the Russian ransomware group.
These incidents have reignited the complex debate on whether it is ever right for organizations to pay a ransomware demand.
Encouragingly, Neustar’s study, which was based on a survey of 304 senior professionals across six EMEA and US markets, found that 80% of respondents are placing greater emphasis on defending against ransomware attacks in light of recent events. More than two-thirds (69%) saw ransomware as a growing threat to their organization, making it the top concern across more than a dozen attack vectors.
The participants were also asked for their views on the effectiveness of currently available security technologies in protecting against ransomware. Close to three-quarters (74%) said these technologies were either ‘very’ or ‘somewhat’ sufficient, while 26% viewed them as ‘somewhat’ or ‘very’ insufficient.
Rodney Joffe, NISC Chairman, SVP, and fellow at Neustar, commented: “Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts, especially if they see that companies are willing to pay. This spiral upwards must be stopped. The better alternative is to invest proactively in mitigation strategies before the attacks, including the use of qualified providers of ‘always-on’ monitoring and filtering of traffic as part of a layered security approach.”