Some 88% of organisations that have previously been attacked by ransomware would again choose to pay a ransom in the event of another attack. For companies that have not yet been affected by a cyber incident, the willingness to pay is only 67%.
New research from Kaspersky reveals a striking difference in the willingness of business leaders to pay ransom to cybercriminals between companies that have already done so (88% would pay the ransom again) versus companies that have not yet fallen victim to such a ransomware (67% would pay).
You could call the second group 'naive'...but that seems a bit short-sighted. Because 66% of the not-yet-affected companies indicate that they do not consider themselves invulnerable...but that, on the contrary, it is only a matter of time before they too are affected.
If it is not naivety...what is it? Pure luck then?
Or does the fact that they have not yet been hit have some significance? And does their lower willingness to pay indicate that they are better armed...and also better prepared ? In a previous blog ( The RANSOMWARE DILEMMA : pay the ransom or not ? ) we extensively wrote about this topic and described the disastrous consequences of such a ransomware attack. But also that the only reason why companies pay is the simple fact that they have no real alternative. They do not have a plan B. Companies that are better prepared ensure that they do have a plan B in the form of a Business Continuity Plan.
Commitment of top management
Too often top managers look away from the cyber-threats to their business, and consider it - wrongly - as an IT problem for the IT director to deal with. Such an attitude is disastrous and stands in the way of the creation of a working Business Continuity Plan. We dedicated this blog to this topic following a survey by "Belgium Cloud". The need for more involvement of the 'C-suite' within an organisation & their underestimation of the cyber-threat is confirmed by the survey by Kaspersky Labs : "60% of business executives and C-level persons believe that the media makes out that ransomware threats are bigger than they actually are". And that is particularly unjust because: "64% of organizations have already been the victims of ransomware attacks. Amongst these, 79% paid the ransom to their attackers."
Companies that have not yet paid (and have not yet had to deal with ransomware) are thus in the minority. We dare to believe that many of them also have top management who feel impelled to pursue an active cyber policy. To invest in prevention...and in a solid plan.
Perhaps they will be better prepared, less naive and also less willing to pay. We sincerely hope so.
Investing in a solid 'Plan B' pays off enormously. Because research shows - as we wrote in our earlier blog - that 80% of all companies that paid ransom were attacked again afterwards!
How CyberContact helps you
All our insurance formulas cover the payment of ransoms. But we'd rather not do that.
That is why we invested in this free online cyber test that will hold up a mirror to your company. We assess how mature your organisation is in terms of 10 essential policy points, we evaluate the relevance of 10 concrete preventive actions. And we estimate which insurance safeguards are most relevant to your company.
So prevention is essential...just like a solid Business Continuity Plan. And because CyberContract does more than just compensate for damage, our 24/7 Active hotline services make your plan even more robust. For example, we contribute to immediate action when a customer fears it has been affected by a cyber incident. We guarantee the availability of essential niche IT knowledge (forensic IT specialists from CRONOS Security) and, through master Johan Vandendriessche of the AFFLUO office, also provide the necessary legal support.
Click here to read the article on DataNews.
Would you like to read the extensive research results of Kaspersky immediately? Then click here.