Paying ransoms is seen as an easier alternative for many businesses despite government advice to the contrary.
A new report has shed light on the attitude of Australian businesses when it comes to ransomware payments, and for many companies, paying cyber criminals is simply the cost of doing business.
McGrathNicol Advisory’s Ransomware Survey, now in its third year, has found that 56 per cent of the 500 businesses (each with 50-plus employees) polled had suffered a ransomware attack in the past five years. Fourteen per cent of businesses had suffered multiple attacks.
Alarmingly, of those businesses impacted, 73 per cent chose to pay the ransom, with 74 per cent of those paying within 48 hours of the initial incident. This is in contrast to the government’s line that paying ransoms only encourages ransomware operators.
The estimated average ransom demand is $1.03 million, a figure that hasn’t changed much in the three years the survey has been running, though businesses are apparently willing to pay more – up to $1.32 million if necessary.
Seventy per cent of all businesses – even those who have not suffered an attack – said they would be willing to pay a ransom in the future.
Business attitudes to mandatory reporting are also shifting, and sadly worsening. Only 60 per cent of business leaders now feel that ransomware attacks should be reported, compared to 75 per cent in 2022.
As to what motivated businesses to pay up, and pay quickly, 74 per cent of businesses paid a ransom to avoid brand damage and the release of sensitive information.
The report also reveals a degree of overconfidence among businesses. While 88 per cent feel they are prepared for a ransomware incident, only 61 per cent have an incident response plan in place, while 18 per cent aren’t even sure if one exists.
“Businesses are still overwhelmingly paying ransoms, and paying them quickly, to avoid negative backlash from customers, partners and stakeholders. It’s now being factored in as a cost of doing business,” said Darren Hopkins, cyber partner at McGrathNicol Advisory, in a statement.
“The research shows that executives are becoming empathetic and less hard-nosed about reporting these attacks to authorities. But without greater collaboration and knowledge-sharing, our ability to prevent ransomware attacks is undermined. This intelligence can help business leaders make informed decisions rather than rushing into paying an expensive, and potentially illegal, ransom.”