UK firms pay up for ransomware despite ‘do not pay’ policies

TLDR:

  • While 94% of UK organizations have a policy not to pay out in the event of a ransomware attack, 97% of those that have fallen victim in the past two years have paid out a ransom.
  • Three-quarters of respondents said their company would be willing to pay over £2.4 million to recover data and restore business processes, with four in ten saying the figure would be more than £4 million.

According to a report by data security and management firm Cohesity, most “do not pay” ransomware policies in the UK are not being followed. The report found that 97% of UK organizations that have fallen victim to a ransomware attack in the past two years have paid out a ransom, despite having a policy against it. The study, which polled over 900 IT and security leaders in the UK, US, and Australia, also found that many organizations are willing to pay large sums to recover their data and restore business processes, with three-quarters of respondents stating that their company would be willing to pay over £2.4 million, and four in ten saying the figure would be more than £4 million.

Cohesity’s global head of cyber resiliency GTM strategy, James Blake, highlighted the risks associated with paying ransom demands, including potential losses of data and breaching sanctions. The report also revealed that the majority of respondents had experienced a cyber attack in the second half of last year and believed that cyber threats would continue to increase in 2024. Only a quarter of respondents had full confidence in their company’s cyber resilience strategy, and the majority said they would need more than 24 hours to recover data and restore business processes.

The report also emphasized the need for improved executive awareness and responsibility for data security, with many respondents stating that senior management does not fully understand the risks and challenges of data protection. Four in five respondents believed that executive management and boards should share responsibility for the company’s data security strategy.

In terms of the consequences of a successful cyber attack, respondents were most concerned about brand and reputational damage, long-term operational outcomes and projects, direct hits to revenue, and a loss of stakeholder trust.

Original article written by Emma Woollacott for ITPro.
