Consumers now more aware of ransomware and place onus on businesses to protect their personal data
Ransomware has been firmly thrust into the spotlight thanks to WannaCry, but have public perceptions on cyber crime and data security changed since the attack?
According to research carried out by Carbon Black, 57 percent of 5,000 consumers surveyed said that WannaCry was the first exposure they’d had to the intricacies of ransomware, meaning the high-profile nature of the attack has certainly made people more aware.
This, in turn, has an impact on businesses. The majority of respondents (70 percent) said that they trust financial institutions and healthcare providers to keep their personal data safe, but this figure drops to just 52 percent for retailers.
Furthermore, 70 percent would consider leaving a business if it was hit by a ransomware attack, which rises to 72 percent for financial institutions and drops to 68 percent for healthcare providers.
Businesses are now under more pressure than ever to protect personal data, especially in Europe with new Global Data Protection Regulations (GDPR) bringing in the potential for severe financial penalties.
“It remains to be seen whether the upturn in awareness continues or whether it reverts back to pre-WannaCry levels of awareness,” said Mike Viscuso, CTO at Carbon Black. “Either way, with consumer awareness so high the commercial risks and downsides resulting from an attack are even greater from a business standpoint.
“The fact that consumer behaviour changed little between financial institutions, retailers and healthcare providers shows a significant majority of consumers will punish companies who are affected by ransomware.”
The survey also revealed the types of data that consumers are most concerned about protecting. For example, 42 percent of respondents cited financial data as their most important information, closely followed by personal/family photos and videos at 41 percent.
In comparison, medical records and mobile phoned data were most valued by just 5 percent of respondents.
Finally, 52 percent said the would be willing to pay a ransom if their personal files were encrypted by ransomware, despite best practice advising people against paying out.
Of this 52 percent, 12 percent said they would pay $500 (£390) or more to get their data back, 29 percent would pay between $100 and $500 (£78-£390) and 59 percent said they would only be willing to part with less than $100.
“The onus of responsibility to keep consumer data safe is mostly on the individual organisations themselves,” Viscuso concluded.
“While the burden is distributed among government organisations, software providers, and cybersecurity companies as well, consumers say the buck stops with the companies that are trusted with the private data. This is an important consideration for businesses.”