iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A large majority of cyber executives would pay ransom demands in the case of a cyber attack, according to new research.
A report published by data security and management organisation Cohesity found that almost four in five senior cyber security staff (78 per cent) across Australia and New Zealand would pay a threat group a ransom payment to recover data and protect business operations.
Of the 500 survey respondents, over 99 per cent said that in the event of a cyber attack, their organisation would need more than 24 hours to recover, 80 per cent said they would need over four days, and 47 per cent said over a week.
In addition, over 95 per cent believed that ransomware was an increased threat in 2023, while 56 per cent said that their organisation had been affected by a ransomware attack in the last six months. An additional 9 per cent were unsure if their business had been affected.
The decision of whether to pay ransom or not is one that has been heavily deliberated of late, with the Australian government exploring the idea of making ransomware payments illegal.
The government has long held the stance that paying ransom to cyber criminals is a bad idea, as it not only encourages and rewards criminals, letting them know that the cyber crime model is effective, but there is also no guarantee that the threat group will meet their end of the deal and delete or restore stolen data.
In addition, it paints a target on any organisation that does pay ransom for other threat actors, as paying proves to hackers that the firm in question is worth targeting.
While the government has maintained the stance that paying ransom is a bad decision, an opinion upheld by the recently attacked Medibank and Latitude, among others, a number of areas of the private sector have said that outlawing ransomware payments is dangerous.
The Insurance Council of Australia said in April that it was hesitant for the government to outlaw ransomware payments and that instead, the government should look to introduce standardised cyber security requirements for businesses.
It is worth noting that if ransomware payments were outlawed, insurance companies would lose out, as many offer ransomware payment insurance to cover the need to pay.
While there is an argument for needing ransomware payments in certain circumstances, such as in cases where the consequences of not could lead to death or other health issues, such as in a critical infrastructure attack on a hospital, cyber insurance in itself could make an organisation more vulnerable, as threat actors may see businesses with insurance as more likely to pay.
According to the Cohesity report, 48 per cent of respondents said that cyber insurance was considerably harder to get in 2023 compared to 2020, likely as a result of increased cost or less willingness to offer in the current cyber climate. Three-quarters of respondents said that their organisation had some form of cyber insurance.
Be the first to hear the latest developments in the cyber industry.
