The vast majority of businesses affected by ransomware (opens in a new tab) attackers say they would pay the demand simply to be able to get back to work as soon as possible.
The Rubrik Zero Labs report, which involved more than 1,600 professionals including CISOs, CIOs, BPs and executives, found that over three-quarters (76%) said they would likely consider paying a ransom in the event of a cyberattack.
Why business leaders would choose to continue to fuel this criminal industry despite repeated warnings from law enforcement and cybersecurity firms is debated, but the report points to a painful lack of trust. Overall, 92% of respondents say they would be concerned about not being able to maintain business continuity in the event of a cyberattack, and a third believe management lacks confidence in the company’s ability to recover critical data and business applications after such an incident .
Emotional consequences
Despite this, the number of attacks and their destructive power continue to grow.
Almost every leader surveyed said their company had suffered a cyberattack in the past year, with an average of 47 attacks over the 12-month period. Researchers found that only 5% were able to return to normal work within an hour of detecting a cyberattack. Moreover, 11% said they did not properly address previously exploited vulnerabilities.
The effects of a successful cyberattack go far beyond the company’s financial problems. Almost all respondents (96%) experienced “significant emotional or psychological consequences” after a cyberattack. Some worried about the safety of their jobs, others worried about losing the trust of colleagues.
One-third reported changes in leadership roles as a direct consequence of the attack.
Ransomware attacks have been one of the most dangerous and popular types of cybercrime in the last few years. Scammers infiltrate the target network, steal as much confidential data as possible, and then encrypt all files, preventing their owners from accessing them.
They then demanded payment in cryptocurrencies in exchange for a decryption key and under the threat of leaking the stolen data into the network. Ransom demands vary, but we’ve seen them go up to seven figures, depending on the victim.
“It’s clear from this research that cyberattacks continue to have a major impact on global organizations, and the impact is increasing,” said Steven Stone, head of Rubrik Zero Labs.
“In addition to this increase in the frequency and impact of cyber events, those on the front lines are experiencing a psychological impact on their well-being. Confidence decreases and anxiety increases. Without a proactive and dependable approach to defending against today’s cyberthreats and reinforcing confidence in an organization’s ability to address these cyber incidents, these impacts – both human and organizational – will be exacerbated and mutually reinforcing. The good news is that we also see pragmatic, proven strategies in the same space that pay off, and we can build on those approaches.”