Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: IT Executives More Likely to Pay Hacker’s Ransom If Organization Had Been Previously Hacked

July 1, 2016
by Heather Landi
| Reprints
Click To View Gallery

How many companies would pay a ransom if they were attacked by ransomware? According to a recent survey, it may depend on whether the organization has already been the victim of a ransomware attack.

The Radware 2016 Executive Application and Network Security Survey found that 84 percent of U.S. and U.K. information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom, but among firms that had been attacked, almost half (43 percent) paid the ransom.

For the survey, Merrill Research polled 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom.

The survey findings also indicated that among U.S. firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent of IT executives in the U.K. And, companies that paid ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K.

The survey results also indicated that companies see telecommuting as a security risk, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of end points potentially vulnerable. However, the survey results indicate that wearables aren’t seen as a major target—only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.

The survey also found that many IT executives surveyed think the Internet of Things (IoT) could become a major security problem. “Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent,” the survey authors wrote.

And, looking at the financial costs of a cyberattack, more than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5 percent said they spent more than $10 million. Costs in the U.K. were generally lower, with 63 percent saying an attack had cost less than £351,245 or about $500,000, though 6 percent claimed costs above £7 million.

There are other costs involved with cyberattacks, including significant reputational and operational costs on victims. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.

And, increasingly IT executives are looking at what’s referred to as ethical hackers, or white hat hackers, to help strengthen their cyber defenses. “Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, ‘Nothing beats a poacher turned gamekeeper,’” the survey authors wrote.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” Carl Herberger, Radware’s vice president of security solutions, said in a statement. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.