The vast majority of companies hit by a ransomware attack say they would pay the demand simply to be able to get back to work as soon as possible.
A report by Rubrik Zero Labs surveying more than 1,600 professionals, including CISOs, CIOs, VPs, and Directors, found more than three-quarters (76%) said they would be likely to consider paying the ransom in case of a cyberattack.
Why business leaders would opt to continue fueling this criminal industry, despite repeated warnings from law enforcement agencies and cybersecurity firms, is up for debate. However, the report hints at a painful lack of confidence. Overall, 92% of respondents say they would be concerned they won’t be able to maintain business continuity in case of a cyberattack, and a third believe their board has little to no confidence in their firm’s ability to recover critical data and business applications after such an incident.
Emotional consequences
Still, the number of attacks, and their destructive power, continue to grow.
Almost every leader surveyed said their firm suffered a cyberattack in the past year, on average experiencing as many as 47 attacks in 12 months. Just 5% were able to return to normal operations within an hour of discovering a cyberattack, the researchers found. What’s more, 11% said they did not address previously abused vulnerabilities properly.
The effects of a successful cyberattack reach far beyond financial distress for the company. Almost all of the respondents (96%) experienced “significant emotional or psychological consequences” after a cyberattack. Some worried about the security of their job, while others worried about losing their colleagues’ trust.
A third reported changes in leadership roles as a direct consequence of the attack.
Ransomware attacks have been one of the most dangerous and popular types of cybercrime in the last couple of years. Crooks would infiltrate a target network, steal as much sensitive data as possible, and then encrypt all of the files, preventing owners from accessing them.
After that, they would demand payment in cryptocurrencies, in exchange for the decryption key, and under threat of leaking the stolen data online. Ransom demands vary, but we’ve seen them go into seven figures, depending on the victim.
“It’s clear from this research that cyberattacks continue to produce large impacts against global organizations and the effects are compounding,” said Steven Stone, Head of Rubrik Zero Labs.
“In addition to this rise in frequency and impacts of cyber events, the individuals on the front lines are taking a psychological hit on their wellbeing. Trust is down and anxiety is up. Without a proactive and reliable approach to defend against modern cyberthreats and strengthen confidence in an organization’s ability to resolve these cyber events, these impacts – both human and organizational – will continue to worsen and feed each other. The good news is we’re also seeing pragmatic, proven strategies in this same space paying off and we can build off these approaches.”