A new study into ransomware from Talion has revealed that 20% of UK office workers would expect their employer to pay a ransom demand from cybercriminals, if its network was infected with ransomware and their personal employee data was impacted.
The study was carried out in June 2021 and studied the attitudes of 1000 UK employed individuals towards ransomware and cybercrime. Other findings revealed that 59% of respondents would stop shopping at their favourite retailer if it suffered a ransomware attack, while 78% believe that payments to ransomware criminals should be made illegal. Additionally, the study also revealed that when individuals were asked if they would feel safer doing business with an organisation that was transparent about the cyber attacks it was facing, 18% said they would.
Interestingly, the survey also revealed that when an individual’s personal data is not impacted, they are less likely to encourage ransom payments to cybercriminals. When asked how the UK government should respond to a ransomware attack on the country’s fuel supplies, 46% said do not pay attackers and restore systems manually, even if it results in a longer shortage of gas.
“Today consumers still see ransomware attacks as a failure and will boycott businesses that fall victim to them,” said Keven Knight, COO, Talion. “The reality is ransomware is impossible to prevent entirely. An organisation can deploy the best security in the world, but it only takes one wrong click for the threat to get in. Does this mean the company should suffer the operational and financial loss from the attack, and then lose their customers entirely as well? This seems harsh. We need to move away from seeing ransomware attacks as a failure. They are not and they can happen to anyone.
“Instead, organisations should prepare for attacks and identify their ‘worst-case scenario’ cyber situation and throw all the budgets into defending against that. Once organisations have a clear understanding of what they stand to lose from ransomware, they can allocate security budgets, keeping critical losses to an absolute minimum.”
The study was carried out to support the recent launch of #RansomAware, a new campaign which encourages organisations to openly talk about the ransom attacks they have suffered, so the industry can pool intelligence and collaborate to make defences more effective. “Our study also highlighted that when an individual is personally impacted by a ransomware attack, they are far more likely to encourage a ransom demand payment,” Knight continued. “However, this does little good as getting data back rarely happens and attackers often make copies of what they steal.
“It is promising that so many consumers feel safer doing business with organisations that are transparent about the attacks they are facing. The more companies share about the attacks, the more we can learn and improve collective defences,” continued Knight.