Most businesses now have a ransomware payout policy


Many modern businesses know what to do in case of a ransomware attack, a new report is claiming.

The Databarracks’ 2021 Data Health Check paper, based on a poll of 400 IT decision-makers in the UK, found over half (54%) of organizations now have a defined policy set up that dictates their response to a ransomware attack.

Sometimes that policy means paying the ransom, sometimes it means reaching for the backup, and sometimes it means holding out, no matter what. Of the 400 ITDMs polled for the paper, a fifth (21%) have a policy never to pay a ransom under any circumstances. A further 14% will pay if it is cheaper than rebooting the system, and 13% will pay if their cyber insurance policy can cover the expense. Another 6% will pay only if there is absolutely no other alternative.

Discussing the findings, Databarracks’ Managing Director Peter Groucutt said ransomware is the fastest-growing threat today, with almost a third (29%) of organizations falling victim in the last year, compared to just 9% five years ago.

And while he believes it is “encouraging” to see businesses being proactive, it is still worrying that a third have no policy of any kind in place, and that some expect to pay up if needed.

“Neither of these approaches are sustainable in the long run. Paying a ransom, even if the demand is relatively small, emboldens criminals to hit harder and more frequently in future. There’s also always the possibility you won’t get your data back after paying up,” he says.

“Further, there’s no guarantee insurance policies will cover every claim.”

“Instead of choosing the path of least resistance, organizations should take proactive steps to make themselves more resilient. It takes hard work in the short term, but it is the only viable long-term solution.”

While ransomware attacks against large enterprises often make headlines, SMBs are also a frequent target. Ransomware operators are no longer casting a wide net; instead they focus on specific organizations and slowly work their way into the network, regardless of the victim’s size.

A ransomware attack will usually start with a phishing email or a fraudulent SMS or phone call, which is why it is essential for SMBs to train their employees on the dangers of opening email attachments and clicking on links from unverified sources.

An SMB that suffers a ransomware attack may lose customer trust and see its brand image damaged, on top of mounting remediation costs and potential fines.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.