Businesses should pay customers affected by ransomware attacks
Veritas Technologies, a global leader in data protection and availability, has released findings from its ransomware research that found that consumers overwhelmingly believe businesses should stand up to hackers and refuse to pay ransoms. However, in the event that the consumer’s own personal data is compromised in an attack, they appear to have a change of heart wanting businesses to surrender to those criminals an average of US$1,167 per user.
71% of the 12,000 survey respondents, when asked generally, think that businesses should stand up to hackers who demand money and refuse to pay ransoms. Yet, when asked how much they wanted their suppliers to pay a ransomware attacker in the event that their own data was compromised, the average respondent specified the following amounts for different data types:
Simon Jelley, VP product management at Veritas Technologies, said: “Whilst it may initially seem like businesses can’t win regardless of whether they pay or not, they are actually getting a clear message from consumers: people want their providers to escape the dilemma of whether to pay, or not to pay, by avoiding the situation in the first place. Our research shows that, if businesses want to please their customers, they need to prepare for an attack and be ready to recover from it – so, if the worst happens, they have tried-and-tested recovery procedures in place and there’s no need to pay out.”
The two most essential things that consumers said businesses should have in place are protection software (79%) and backup copies of their data (62%). Businesses that have adopted these technologies are generally considered better able to respond to ransomware attacks since they can normally either prevent an attack, or safely restore their data without needing to pay the attackers’ demands.
Jelley, concluded: “We agree with the public when it comes to not paying the ransom. Paying a ransom can often propagate the problem and provide attackers with more resources to continue developing more frequent and more advanced attacks. Plus, attackers will typically leave vulnerabilities in the devices of those businesses that have paid up, enabling them to come back again for recurring revenues. And, whether companies choose to pay the extortion or not, the real cost of ransomware is downtime, lost productivity and reputational damage. We believe it’s far better then, to have tried-and-tested data protection solution in place before the hackers come with their demands.”