CIO Influence
CIO Influence News Cloud Security

Over Half of Businesses Now Have a Policy on Whether to Pay Out on Ransomware Attacks, Says Databarracks Research

Over Half of Businesses Now Have a Policy on Whether to Pay Out on Ransomware Attacks, Says Databarracks Research
Reliance on cyber insurance, or paying out if cost is lower than internal recovery, highlight short-term approach

Databarracks has revealed 54% of businesses now have a defined policy in place to deal with ransomware attacks – whether this means paying a ransom, relying on insurance policies or refusing to pay at all.

The findings are from Databarracks’ 2021 Data Health Check, launching today. Running since 2008, the annual report surveys over 400 IT decision-makers in the UK on critical issues relating to cybersecurity, IT resilience, cloud and remote working.

Recommended ITech News: Infineon and Amber to Collaborate on Commercialization of Amber’s Breakthroughs for Digital Control of Electricity in Silicon Architecture

When asked if their organisation had a policy for paying out on ransomware attacks:

  • 21% have a policy to never pay a ransom
  • 14% will pay a ransom if it is lower than the cost to recover systems
  • 13% will pay if the ransom is covered by their cyber insurance policy
  • 6% will pay only as a last resort if there is no other way to recover data

Peter Groucutt, Managing Director of Databarracks, said: “Ransomware is the fastest growing threat we face. 29% or organisations were affected by ransomware in last 12 months, up from just 9% in 2016.

“It’s encouraging to see organisations being proactive, setting policies and taking steps to better protect themselves against ransomware.

Recommended ITech News: Karix Mobile Introduces WhatsApp Business API Solution To Panasonic

“However, the fact almost a third don’t have a policy of any kind is a significant gap. Of those that do, there’s still a strong tendency either to pay the ransom if it’s cost-effective to do so, or rely on cyber insurance policies to cover the financial hit.

“Neither of these approaches are sustainable in the long run. Paying a ransom, even if the demand is relatively small, emboldens criminals to hit harder and more frequently in future. There’s also always the possibility you won’t get your data back after paying up.

“Further, there’s no guarantee insurance policies will cover every claim: a Rusi think tank report has highlighted how the nascent cyber insurance industry has a lot to do to ensure policies are properly constructed and underwritten, and recommends insurers do more to incentivise good cyber practices among customers.”

Groucutt concluded: “Instead of choosing the path of least resistance, organisations should take proactive steps to make themselves more resilient. If your policy is not to pay, you must have alternatives you can rely on. That means not only having backups and disaster recovery processes in place, but that they are tested, and you are confident that you can recover quickly.

“It takes hard work in the short term, but it is the only viable long-term solution.”

Recommended ITech News: Andes Technology Announces Over 2 Billion Shipments Of Andes-Embedded SoCs In 2020

Related posts

Zeta Marketing Platform Becomes the First Marketing Cloud Available in AWS Marketplace

CompTIA Members Offer Aid to Victims of Ransomware Attack

AI Redefines Facility Management: Introducing ARIA by BrainBox

CIO Influence Staff Writer

Leave a Comment