IBM Security Reveals 70 Percent Of Businesses Pay Up To Ransomware


A quarter of business executives would be willing to pay up to $50,000 (£40,000) to get their data back

70 percent of businesses infected with ransomware paid the ransom to regain access to data and systems, much higher than the one-in-two rate for consumers, according to new research from IBM Security.

The “Ransomware: How Consumers and Businesses Value Their Data” study questioned 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data.

50 percent of consumers surveyed said they would not pay to regain access to personal data or devices, with the exception of financial data. However, 55 percent of parents would pay for access to digital family photos, compared to 39 percent of respondents without children.


Paying up

Ransomware reportedly made up nearly 40 percent of all spam e-mails sent in 2016 and this prevalence is emphasised with with nearly 50 percent of business executives saying they have experience ransomware attacks in the workplace.

60 percent of business executives indicated that they would be willing to pay a ransom to recover data and 70 percent confirmed that their company has stumped up the cash to resolve an attack. Interestingly, over half of those paid over $10,000 (£8,000) and 20 percent paid over $40,000 (£32,000). Ransomware is a lucrative business indeed.

The types of data that businesses would be willing to pay for include financial and customer records, intellectual property and business plans, with a quarter of business executives saying they would be willing to pay up to $50,000 (£40,000) to get their data back.

And it’s not just enterprises that are being targeted. 29 percent of small businesses surveyed said they have experience with ransomware attacks, compared to 57 percent of medium-sized businesses. The worry is that a lack of IT security training could leave small businesses more vulnerable to future attacks. Less than a third (30 percent) of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.

“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” said Limor Kessem, Executive Security Advisor at IBM Security and the report’s author. “The digitisation of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware.

“Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”

Ransomware has undoubtedly been one of the security buzzwords in 2016, with attacks targeting all manner of organisations, from NHS hospitals to multiple British universities and everything in between.

It’s rapid rise really has been something to behold. Ransomware is now believed to comprise nearly half of all malware found in enterprise cloud applications, with attacks on businesses showing a threefold increase in 2016.

Quiz: The biggest and baddest attacks in technology history