Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked

July 1, 2016
by Heather Landi
| Reprints
Click To View Gallery

How many companies would pay a ransom if they were attacked by ransomware? According to a recent survey, it may depend on whether the organization has already been the victim of a ransomware attack.

The Radware 2016 Executive Application and Network Security Survey found that 84 percent of U.S. and U.K. information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom, but among firms that had been attacked, almost half (43 percent) paid the ransom.

For the survey, Merrill Research polled 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom.

The survey findings also indicated that among U.S. firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent of IT executives in the U.K. And, companies that paid ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.

The survey results also indicated that companies see telecommuting as a security risk, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of end points potentially vulnerable. However, the survey results indicate that wearables aren’t seen as a major target—only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.

The survey also found that many IT executives surveyed think the Internet of Things (IoT) could become a major security problem. “Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent,” the survey authors wrote.

And, looking at the financial costs of a cyberattack, more than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5 percent said they spent more than $10 million. Costs in the U.K. were generally lower, with 63 percent saying an attack had cost less than £351,245 or about $500,000, though 6 percent claimed costs above £7 million.

There are other costs involved with cyberattacks, including significant reputational and operational costs on victims. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.

And, increasingly IT executives are looking at what’s referred to as ethical hackers, or white hat hackers, to help strengthen their cyber defenses. “Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, ‘Nothing beats a poacher turned gamekeeper,’” the survey authors wrote.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” Carl Herberger, Radware’s vice president of security solutions, said in a statement. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.