Skip to content Skip to navigation

Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked

July 1, 2016
by Heather Landi
| Reprints
Click To View Gallery

How many companies would pay a ransom if they were attacked by ransomware? According to a recent survey, it may depend on whether the organization has already been the victim of a ransomware attack.

The Radware 2016 Executive Application and Network Security Survey found that 84 percent of U.S. and U.K. information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom, but among firms that had been attacked, almost half (43 percent) paid the ransom.

For the survey, Merrill Research polled 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom.

The survey findings also indicated that among U.S. firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent of IT executives in the U.K. And, companies that paid ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.

The survey results also indicated that companies see telecommuting as a security risk, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of end points potentially vulnerable. However, the survey results indicate that wearables aren’t seen as a major target—only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.

The survey also found that many IT executives surveyed think the Internet of Things (IoT) could become a major security problem. “Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent,” the survey authors wrote.

And, looking at the financial costs of a cyberattack, more than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5 percent said they spent more than $10 million. Costs in the U.K. were generally lower, with 63 percent saying an attack had cost less than £351,245 or about $500,000, though 6 percent claimed costs above £7 million.

There are other costs involved with cyberattacks, including significant reputational and operational costs on victims. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.

And, increasingly IT executives are looking at what’s referred to as ethical hackers, or white hat hackers, to help strengthen their cyber defenses. “Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, ‘Nothing beats a poacher turned gamekeeper,’” the survey authors wrote.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” Carl Herberger, Radware’s vice president of security solutions, said in a statement. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.