News

Most Pay Ransomware Despite Claiming They Never Would

By mjackson
17.02.17

Within the last 24 months, 44 per cent of all UK organisations have been infected by ransomware, and 27 percent of those were infected more than once, according to recent research published by cyber security firm, Trend Micro.

Ransomware is a type of malicious software (malware) designed to block access to specific data, files or even the entire computer until a designated sum is paid to the cyber criminals responsible for the attack. Of the organisations that have been infected with this type of malware, 1 in 3 stated that their employees were affected by the attack along with an estimated 31 percent of their customers. This type of cyber attack can be especially dangerous if an organisation does not have any sort of digital backup for the data and files that could be sequestered by malware.

Despite the potential damage that this type of cyber attack could cause, nearly 75 percent of surveyed organisations who have not been infected by ransomware stated that they would never pay cyber criminals. Yet, 65 percent of organisations that have been infected end up paying the ransom. The average cost for an organisation is £540, but 1 in 5 businesses have paid more than £1,000. Unfortunately, less than half of those organisations actually get their blocked data back.

The effects of a cyber attack are not just financial, as an organisation infected with malware may also be affected by a loss of reputation and business interruptions. In fact, it takes an average of 33 hours to repair the damage caused by ransomware. To ensure that your organisation is protected from ransomware, follow these simple best practices:

  • Provide all employees—from the directors and officers to the interns—with comprehensive data security training to ensure that they know how to identify and manage cyber security threats, such as suspicious email requests or webpage prompts.
  • Purchase cyber insurance and install security software on each computer in your organisation to detect and stop malware and viruses. In addition, you may want to consider drafting a non-work mobile device policy to minimise the potential of a data breach caused by an employee’s personal device.