Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Survey Says a Quarter of Companies Would Pay Ransom to Hackers

cyber 2 responsive default
January 14, 2016

Nearly a quarter of companies (24.6%) say they would be willing to pay hackers a ransom to prevent a cyberattack, a new survey finds.

To stop cybercriminals from releasing sensitive information, 14% of companies would pay a ransom in excess of $1 million, according to a survey of 209 information technology security professionals worldwide by the Cloud Security Alliance.

The survey, The Cloud Balancing Act for IT: Between Promise and Peril, found that one factor influencing willingness to pay is whether or not the company has cyber insurance, which would cover the cost, the report said. About 28.6% of companies with cyber insurance say they would pay ransom, compared with 22.6% for companies without such insurance policies.

The survey also found:

•The top barrier to stopping data loss in the cloud is a lack of skilled security professionals – is security analyst the next hot job opportunity?
•Customer relationship management (CRM) is the most widely used cloud-based system of record today, but companies have plans to move other systems to the cloud
•Cloud confidence rising: 64.9% of IT leaders think the cloud is as secure or more secure than on-premises software
•CISOs play an important role in security – having one makes a company more likely to take steps to prepare for a cyber attack

"Employees and the line of business are key elements in driving corporate cloud adoption. IT professionals we surveyed receive, on average, 10.6 requests each month for new cloud services. Even considering there is likely overlap in these requests, that’s a tremendous number of cloud services that must be vetted," the survey said. "Perhaps that’s why 71.2% of companies now have a formal process for users to request new cloud services. However, these programs are still evolving. Of companies with a formal process, 65.5% indicated that they only partially follow it."

As quickly as companies are responding to requests to enable cloud services, they may not be responding quickly enough or sufficiently to meet the demand, the survey said. An overwhelming majority of IT professionals surveyed, 71.3%, said their companies have plans to offer more support for cloud to the lines of business. Much of the attention on cloud adoption has been focused on innovative social media, file sharing, content sharing, and communication applications. However, most businesses also rely on back end systems that at their core maintain records on employees, customers, and materials as they move through the supply chain. Companies are beginning to move these applications to the cloud as well.

In terms of barriers to cloud adoption, the primary obstacle noted by 67.8% of companies was the ability to enforce their corporate security policies. Next, 61.2% of companies said that concern about complying with regulatory requirements was a barrier. Budget-related constraints do not appear to be a major hesitation when it comes to replacing a legacy on-premises system of record with a cloud based equivalent.

Considering the financial impact that a major data breach can have on a company, information security is an increasingly important function to reduce the risk and the potential impact of incidents. Recognizing the importance of security, more companies are appointing a Chief Information Security Officer (CISO), to manage the information security team, according to the report. Today, 60.8% of companies have a CISO. A CISO’s role can vary, but it often includes setting security policies, overseeing regulatory compliance, and taking responsibility for data privacy. "Company size appears to have a significant effect on whether a company has made an investment in hiring a CISO to head the information security team. Larger companies are significantly more likely to hire a CISO versus their smaller counterparts; 82.4% of companies with more than 5,000 employees have a CISO, while only 50.6% of companies with fewer than 5,000 employees have one," the report noted.

A key question when a company creates a CISO position is the best reporting structure. "Some people argue that since information security is a core aspect of information technology, the CISO should report to the Chief Information Officer (CIO)," the report noted. "Others argue that the CIO’s mission to enable the business with new technology conflicts with the CISO’s mission to protect the company’s information. The security of a company’s information has become so business-critical that it’s a function that should report directly to the CEO," the report said. The report found that 41.8% of CISOs report to the CIO. Another 32.0% of them report directly to the CEO. Reporting structure is highly dependent on the company’s size, however. At companies smaller than 5,000 employees, the CISO is most likely to report to the CEO. At companies with more than 5,000 employees, the CISO is most likely to report to the CIO. One possible explanation is that while the span of control for CEOs of large enterprises has doubled in the past several decades to 10 direct reports, and while CEOs increasingly manage functional specialists like the CIO, security is not yet perceived as something that CEOs should directly manage.

Following a breach, the survey noted that many companies rely on cybersecurity insurance to cover part of the cost of the incident. Following the Target credit card breach in 2013, for example, the company’s insurance covered $90 million of the $264 million cost related to the attack. Many cyber insurance plans now offer the option of cyber ransom coverage, which pays for the costs associated with making ransom payments to cyber attackers. The willingness of a company to pay a ransom to stop a catastrophic release of stolen information is correlated with whether the company has cyber insurance, the report said. Companies without cyber insurance are less likely than average to pay a ransom. Just 22.6% of these companies would pay a ransom. Across companies with cyber insurance, 28.6% would pay a ransom, higher than average.

The full report is at http://info.skyhighnetworks.com/rs/274-AUP-214/images/WP%20CSA%20Survey%20Cloud%20Balancing%20Act%200116.pdf
 

KEYWORDS: CEO CISO cloud security cyber attack cyber security cyber security insurance cybercriminal data breach hackers IT security security policy supply chain security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber6-900px.jpg

    Survey Says a Higher Percentage of Companies Have Been Targeted by Nation-State Hackers

    See More
  • ransomware-freepik1170x658.jpg

    9 in 10 companies attacked by ransomware would pay if hit again

    See More
  • Doorway to Cybersecurity

    Fla. City to Pay $600K Ransom to Hacker

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing