Two-fifths (40%) of business executives would be willing to pay at least a five-figure ransom to restore operations following an attack, going against the advice of governments and law enforcement, according to a new report.
Arctic Wolf polled 500 decision-makers from UK firms with over 1000 employees to better understand their security challenges in the new hybrid workplace.
Respondents’ readiness to pay their attackers is often cited as puzzling given that many (39%) don’t have comprehensive cyber-insurance policies in place. Moreover, such policies often fund pay-outs to digital extorters, a practice that is becoming increasingly controversial and has been banned by AXA in France.
However, their attitudes will be music to the ears of the many affiliate groups targeting countless organizations worldwide with ransomware.
As long as victims continue to pay, threat actors will continue to operate undeterred, which is why institutions like the National Cyber Security Centre (NCSC), the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) strongly advise organizations not to pay.
It’s also far from guaranteed that victim organizations will regain access to all of their data and systems following payment. There’s an added risk in that today’s threat actors are increasingly likely to have stolen corporate data, which they may monetize at a later date, even after payment.
Arctic Wolf also found that a fifth (20%) of UK execs have previously concealed a cyber-attack to preserve their reputation. Doing so not only impacts intelligence sharing and industry-wide threat prevention but could also land the organization in trouble with regulators.
Interestingly, despite the majority (67%) of respondents believing their company is more vulnerable to attacks if staff work remotely or in a hybrid environment, a similar number (62%) are unsure whether IT teams can identify and detect some threats accurately.
With a third (31%) having paid out between £36,000 and £216,000 to address security breaches in the past year, more investment in detection and response may be needed.
“The constant reports of successful ransomware attacks and growing cyber-threats from foreign adversaries over the past year have left executives feeling ill-prepared to protect their businesses against sophisticated attacks, and that belief has only been compounded by the operational challenges of running a business in a hybrid work environment,” argued Ian McShane, field CTO at Arctic Wolf.
“The best way for organizations to break out of this cycle of fear and uncertainty is to recognize that they don’t have a tools problem, but an operational one, and that embracing security operations will allow them to address the rapidly evolving threat landscape with ease and simplicity.”