UK FIRMS WILLING TO PAY MORE THAN £136,000 TO CYBER CRIMINALS
In the wake of the devastating WannaCry cyber attack which demanded money from large organisations around the world, severely disrupting the NHS, a new survey reports that businesses have been spooked enough to stockpile currency and would genuinely consider paying cyber ransom demands.
The survey, by secure connectivity firm Citrix, found more than two-fifths of UK businesses are stockpiling bitcoin – the encrypted internet currency which cyber criminals often demand due to its untraceable nature.
UK firms are stockpiling around £46,000 of this cryptocurrency on average, in case of a ransomware attack. One third have put aside bitcoins worth more than £50,000.
Large firms are prepared to pay out more than £136,000 ($175,481) on average to cyber criminals. Smaller firms are more likely to keep a supply of cryptocurrency on hand than large businesses, perhaps feeling they could not afford to recover from an attack.
Only 22% of businesses polled said they would be unwilling to pay anything. One year ago in 2016, 20% of companies with 250-500 employees did not have any contingency measures in place, but this has fallen to just 7%.
Businesses appear to feel they would have little choice but to pay out in the event of an attack.
However, preparation can take many forms, and some are still missing simple preventative measures which could limit the impact of an attack. For example, over half of large UK firms (55%) do not back up their data every day.
Although paying may be tempting as an easy fix, it is not advised to pay ransoms if cyber criminals request money in exchange for restored access. There is no guarantee you will get your data back successfully, and you could be funding further criminal activity. It is also unlikely the money you sent would count as ‘stolen’ to your insurers, unless you have a dedicated cyber liability policy which explicitly covers ransoms.
Instead, you should report the attack to relevant authorities, and take steps to limit damage. If your data is regularly backed up, there will be no need to pay the ransom.