80% of UK consumers think organisations should refuse to pay ransoms, but still hold companies financially liable for their personal data, a Veritas Technologies report explains.
Research from data management company Veritas Technologies concludes users in the UK expect an average pay-out of £678 from businesses for a ransomware attack.
But, 80% of UK consumers think businesses should not negotiate with criminals, & refuse to pay the ransom.
A 3rd plus (35%) think CEOs of a business are personally responsible for any ransomware attack a business endures.
One-fifth (22%) say the CEO should face a prison sentence if the company becomes a victim of a ransomware attack.
Should never pay
Bharat Mistry, Principal Security Strategist, Trend Micro observed “Businesses should never pay the ransom. By doing so they set themselves up to be on a target list for some other criminal gang. Organisations need to wake up to the cyber threat & treat information security as a business-wide priority & not just an IT issue.
“If businesses treated cyber risk in the same manner as a business risk & set aside appropriate budget then the fallout from a cyber-attack would be minimal.”
More than four-fifths (85% expect there to be protection software in place, while 64% believe companies should have back-up copies of their data.
When a consumer’s own personal data is threatened by an attack, there is a change, as they want businesses to pay an avg. £678 per user to hackers.
Of the 2,000 surveyed in UK the avg. stated the following amounts for differing data types:
- Personal finances £1,088
- Child’s data £926
- Government records £899
- Medical records £884
- Personal cloud data £784
- User credentials £694
- Webmail £618
- Customer records £514
- Dating profile £455
- Messages £448
- Basic personal data £427
- Playlists information £405
- Average £678
Over two thirds (68%) thought they should be ‘personally compensated’ if the company still cannot retrieve the information that was stolen.
Dilemma of whether to pay
Simon Jelley, VP Product Management at Veritas Technologies, said: “While it may initially seem like businesses can’t win regardless of whether they pay or not, they are actually getting a clear message from consumers: people want their providers to escape the dilemma of whether to pay, or not to pay, by avoiding the situation in the first place.
“Our research shows that, if businesses want to please their customers, they need to prepare for an attack & be ready to recover from it – so, if the worst happens, they have tried-and-tested recovery procedures in place & there’s no need to pay-out.”
Safely restore their data
Businesses that have adopted protection software & data backups are thought better able to respond to ransomware attacks. Normally, they either prevent an attack or safely restore their data without having to pay.
Jelley further remarked “In the past, ransomware was something that only affected a few unlucky people who were forced to pay a couple of hundred pounds to regain access to their locked-out laptops.
“Nowadays, it is a multibillion-pound-a-year industry, as cyber-criminals increasingly target vulnerable organisations. The costs don’t stop with the ransom pay-out; our survey also showed that people want to see fines & compensation too.”
A summary of survey results explains just where data has been lost:
- More than one-fifth (22%) said the CEO should face a prison sentence
- A quarter (25%) said the CEO should be banned from running companies in the future
- Almost two-fifths (38%) said the CEO should pay a fine
- Nearly two-fifths (36%) said the CEO should resign
- More than a fifth (22%) said the CEO should take a pay cut or be demoted
- Around two-fifths (39%) said the CEO should publicly apologise
There is the major cost too of getting a business up & running, with downtime, loss of production, & difficulties delivering or billing for products.
Jelly said: “As a result, global ransomware damage costs are estimated to exceed £9 billion annually this year, & this does not take into account the cost of reputational damage to a company’s brand.”
These findings form a part of worldwide research, which asked consumers in China, France, Germany, Japan, the United Kingdom & the US what they ‘thought’ about ransomware.
Research conducted & compiled for Veritas Technologies LLC by 3Gem.
2,000 consumers were interviewed – April 2020 in each market (China, France, Germany, Japan, United Kingdom & US) speaking to 12,000 adults over 18.