Majority of American Business Owners Unlikely to Pay Off Cybercriminals in Ransomware Attack
Business owners in the U.S. recognize the severity of ransomware and the potential disruption to business operations, yet 84 percent say they would not pay in the event of an attack, according to a new survey by IDT911. Of these business owners, some routinely back-up their business files and could therefore restore processes, whereas others simply wouldn't pay cybercriminals—even if it meant not recovering information.
Industry pundits have predicted 2016 to be the year of ransomware, following a dramatic uptick last year of cybercriminals holding businesses' digital systems hostage in exchange for money. The FBI's Internet Crime Compliant Center reports a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million dollars. And since January 1, Symantec Security Response has seen an average of 4,000 ransomware attacks per day—a 300-percent increase from last year.
While such interference is detrimental to organizations of all sizes, every minute a business is forced to spend offline, is particularly damaging to revenue streams. More than half (60 percent) of business owners acknowledge this vulnerability and agree that they would immediately report the attack to law enforcement authorities, as one out of three respondents (33 percent) say they could not go without access to critical business systems for any length of time.
Despite a heightened awareness of ransomware threats, survey responses indicated that business owners may place too much confidence in their backup systems and processes: A majority (65 percent) currently do not, nor plan to, budget extra funds to regain access and more than half (52 percent) do not have cyber insurance protection.
"Ransomware is the Zika virus of the business world and there is absolutely no telling how far and wide this will spread," saidAdam Levin, founder and chairman of IDT911, and author of Swiped. "Training alone isn't enough, cyber insurance alone isn't enough and, sure as heck, backed-up data alone isn't enough. We're talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business. Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control."
Additional key findings include:
- Only three percent say they would pay $10,000 or more in a ransomware attack, whereas 10 percent would pay between $1 and $100.
- Nearly a quarter of business owners (22 percent) say they are unsure how to, or were not aware of the need to, back up their system and files.
- A mere five percent of business owners currently set aside funds in case of ransomware attacks.
- Female business owners are more likely than men to report ransomware attacks to authorities right away.
- Millennials (ages 18 to 34) are more likely to have cyber insurance protecting their business than those respondents aged 35 to 44.