Paying the Ransom in Response to a Ransomware Attack can Sometimes Backfire

by delta

One of the key decisions that must be made after a successful ransomware attack is whether the victim organization can or should pay the ransom. Of course, there are many considerations in such a decision: whether the payment is legally permissible, how easily the system can be restored if the ransom is not paid, the damage that could be done to the company or its consumers if the system is not restored in a timely manner, and whether there are reputational risks or ethical concerns, among many others.

A new study by privacy and cybersecurity insurer Hiscox sheds light on additional practical concerns to consider when balancing potential risks and benefits.

More specifically, Hiscox has released its sixth annual Cyber Readiness Report 2022. In it, Hiscox cites a number of interesting findings.

  • Ransomware attacks are up, to about 19% from 16% last year.
  • About 60% of the companies surveyed paid the ransom in response to a successful ransomware attack.
  • About half of the companies that paid ransoms ended up paying more than once after further successful attacks.
  • In the United States in particular, the number of ransomware attacks remained roughly flat from 2021 to 2022, but payouts increased: more victims paid ransoms to attackers this year than last year.
  • Only 59% of the companies that paid the ransom successfully recovered their data.
  • 29% of companies that paid the ransom still had their data compromised.

In short, organizations considering paying a ransom must understand that not only are there legal, reputational, and business risks, but such a payment may not even mitigate the damage of an attack. Moreover, while it has been widely understood that paying ransoms could facilitate future criminal acts against others, the statistics suggest that such payments may actually lead to further attacks against the paying organizations themselves.

The decision whether to pay the ransom is complex, so it is desirable not to face the question for the first time in the middle of an incident. Therefore, before an attack occurs, thoroughly consider the factors that will be used in a payment decision and, ideally, document those factors along with your organization's specific weighting analysis in a manual that can be adopted by internal policy or consensus to provide guidance in case the worst happens.

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved