94 percent of companies would pay a ransom despite having 'do not pay' policies

Cyberattacks are forcing the majority of companies to pay ransoms and break their 'do not pay' policies, with data recovery deficiencies compounding the problem.

New research from Cohesity, based on responses from over 900 IT and security decision-makers, shows that companies firmly operate in a 'when,' not 'if,' reality of cyberattacks.

Most companies have paid a ransom in the last two years, and the vast majority expect the threat of cyberattacks to increase significantly in 2024 compared to 2023. 79 percent of respondents say their company has been the victim of a ransomware attack between June and December. The threat landscape is expected to get even worse in 2024, with 96 percent of respondents saying the threat of cyberattacks to their industry will increase this year, and over seven in 10 estimating it will increase by more than 50 percent.

Respondents also believe organizations' cyber resilience and data security strategies are not keeping up, as just 21 percent have full confidence in their company's cyber resilience strategy and its ability to address today's escalating cyber challenges and threats.

The time taken to recover from attacks is a major challenge. All respondents say they need over 24 hours to recover data and restore business processes. Just seven percent say their company could recover data and restore business processes within one to three days. 35 percent say they could recover in four to six days, and 34 percent need one to two weeks to recover. Alarmingly, 23 percent need over three weeks to recover data and restore business processes -- no wonder they're willing to pay up.

"Organizations can't control the increasing amount, frequency, and sophistication of cyberattacks such as ransomware. What they can control is their cyber resilience, which is the ability to rapidly respond and recover by adopting modern data security capabilities," says Brian Spanswick, chief information security officer and head of IT, Cohesity. "It is no surprise that the majority of companies have been hit by ransomware. What is alarming is that 90 percent have paid a ransom, breaking their 'do not pay' policies, and most are willing to pay up to $3 million in ransoms because they can't recover their data and restore business processes fast enough."

Executive awareness and responsibility for data security areas where companies can improve according to the study. Just 35 percent say their senior and executive management fully understands the serious risks and daily challenges of protecting, securing, managing, backing up, and recovering data. Four in five say executive management and boards should share the responsibility for their company's data security strategy, with 67 percent saying their company's CIO and CISO, in particular, could be better aligned.

You can read more on the Cohesity blog.

strong>Image credit: Anidimi/depositphotos.com