80 percent of CISOs will consider paying a ransom to recover data
A new survey of more than 250 CISOs reveals that more than half have been hit by ransomware in the past year, with 69 percent saying it is likely they'll be successfully attacked at least once in the next year.
Those who were successfully hit by ransomware are more inclined to pay up, with 65 percent actually doing so. However, full recovery of data occurred only 55 percent of the time. When asked about willingness to pay, 13 percent say they definitely would, but only 20 percent say they definitely wouldn’t.
The study was conducted by CISOs Connect, AimPoint Group and W2 Communications and shows that ransomware has been a driving force for gaining the CISO a seat in the board room. It has also informed priorities and buying decisions.
While paying the ransom remains controversial and is the subject of much debate, CISOs are equally concerned with the financial impact of restoring business operations. This is understandable when the total cost of an attack, including mitigation, recovery and possible payments, can run into the millions. According to respondents, there's a 20 percent chance of paying more than $5 million and a five percent chance that the impact could be greater than $50 million.
Only 55 have taken the step of purchasing ransomware insurance and the majority of these are at larger organizations, leaving smaller businesses more vulnerable.
"Our data shows that while ransomware is driving a number of CISO initiatives and planning, many of the efforts may still be siloed," says Aimee Rhodes, CEO and founder of CISOs Connect. "This creates certain areas of exposure, which could cause issues as these attacks continue to accelerate. Based on the CISOs’ feedback, many would benefit from a more holistic approach that prepares them to not only prevent and detect ransomware, but also for the possible financial impact."
You can see more of the findings in the infographic below.