40% of Consumers Hold CEO Personally Responsible for Ransomware Attacks

June 17, 2020

Two-fifths (40%) of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to global research from Veritas Technologies.

Furthermore, research shows the public often wants restitution from businesses that fall foul of ransomware - with 65% of respondents wanting compensation, and 9% even wanting to send the CEO to prison.

Simon Jelley, vice president of product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves. The two most essential things that businesses should have in place, according to their customers, are protection software (79%) and backup copies of their data (62%). Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership.”

The research, covering six countries and 12,000 consumers, also appears to show a paradox when it comes to paying ransoms. Most people (71%) want companies to stand up to cyber-bullies and refuse to pay ransoms to get data back. However, when the issue becomes more personal, with a direct threat to their own data, many people change their minds and want the businesses they buy from to negotiate. When it comes to financial data, 55% of respondents want suppliers to pay the ransom to facilitate the return of records.

Jelley said: “It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place. Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”

In fact, the study shows how some consumers quickly lose patience with companies that risk data through ransomware attacks. Almost half of respondents (44%) would stop buying from a company that had been the victim of such a crime.

The research, covering consumers in China, France, Germany, Japan, the UK and the USA, uncovered some interesting patterns that emerge from country to country:

In China, people have the highest tendency to change their minds on negotiating with cybercriminals, when it’s their own critical information. While 80% of respondents believe businesses shouldn’t negotiate in general, when it becomes a personal issue of recovering their own data, that number drops sharply to just 16%.

Brits have the strongest feelings about standing up to cyber-bullying demands, with 81% believing businesses should not negotiate with criminals.

The French seem to be the most forgiving respondents from surveyed countries, with less than one quarter (24%) wanting to blame company heads, just over half (55%) believing only criminals can be blamed for ransomware attacks, and only one-third (36%) considering dropping a company’s services after an attack.

Inversely, the Japanese and Chinese are the least forgiving, with 49% and 51% dropping company services after an attack, and China looking to blame business heads directly (66%).

Germans are most vociferous about harsh punishment for leaders following an attack, with 29% of those who blame the leaders seeking a prison sentence.

In contrast, in the United States, the most common attitude for those blaming leaders is to seek fines as punishment (41%).

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

40% of Consumers Hold CEO Personally Responsible for Ransomware Attacks

Related Articles

Related Products

Report Abusive Comment