Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked

July 1, 2016
by Heather Landi
| Reprints
Click To View Gallery

How many companies would pay a ransom if they were attacked by ransomware? According to a recent survey, it may depend on whether the organization has already been the victim of a ransomware attack.

The Radware 2016 Executive Application and Network Security Survey found that 84 percent of U.S. and U.K. information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom, but among firms that had been attacked, almost half (43 percent) paid the ransom.

For the survey, Merrill Research polled 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom.

The survey findings also indicated that among U.S. firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent of IT executives in the U.K. And, companies that paid ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.

The survey results also indicated that companies see telecommuting as a security risk, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of end points potentially vulnerable. However, the survey results indicate that wearables aren’t seen as a major target—only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.

The survey also found that many IT executives surveyed think the Internet of Things (IoT) could become a major security problem. “Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent,” the survey authors wrote.

And, looking at the financial costs of a cyberattack, more than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5 percent said they spent more than $10 million. Costs in the U.K. were generally lower, with 63 percent saying an attack had cost less than £351,245 or about $500,000, though 6 percent claimed costs above £7 million.

There are other costs involved with cyberattacks, including significant reputational and operational costs on victims. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.

And, increasingly IT executives are looking at what’s referred to as ethical hackers, or white hat hackers, to help strengthen their cyber defenses. “Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, ‘Nothing beats a poacher turned gamekeeper,’” the survey authors wrote.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” Carl Herberger, Radware’s vice president of security solutions, said in a statement. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.