'Staggering' number of firms would pay hackers $1m ransom
Fourteen per cent of execs would stump up seven-figure sum to prevent a cyberattack, research claims
One in seven company execs quizzed in a survey said they would be willing to pay hackers a ransom of more than $1m (£694,000), a finding the research's authors branded "downright staggering".
According to the global survey of more than 200 IT leaders, 24.6 per cent of those questioned said they would be prepared to pay a ransom to prevent a cyberattack, with 14 per cent saying they were willing to stump up more than $1m.
Whether or not firms under attack should give in to ransom demands emerged as a topic in the channel last autumn as a spate of tech e-tailers were hit by DDoS attacks. One of the victims, Aria Technology, refused to pay, instead putting up a bounty for catching the perpetrators.
But Nigel Hawthorn, chief European spokesman at SkyHigh Networks - which conducted the survey in partnership with the Cloud Security Alliance - argued that too few firms are willing to take such a zero-tolerance stance.
"It's shocking that so many companies are willing to pay even a penny's ransom, and would trust hackers not to follow through with an attack," Hawthorn said.
"The idea that some would pay more than $1m is downright staggering. There are no guarantees at any price, and there is no way back once the payment is made."
Hawthorn added: "Examples of companies refusing to pay up, such as Meetup.com, are few and far between. As such, hackers are increasingly confident they can hold businesses over a barrel; that they can execute crippling cyberattacks and that most businesses would rather pay up than put up. There will be several high-profile examples of ransomware in 2016, and countless unreported incidents on top of that."
The findings follow research last summer claiming that cybercriminals can expect to bank $84,100 in profit from a typical monthly ransomware campaign, equivalent to an annual pay packet of just over $1m.
Some 59 per cent of the 209 IT leaders questioned in the survey were based in the Americas, with 28 per cent based in EMEA and 16 per cent in Asia-Pac. Half the respondents were IT security professionals.