UK IT directors would pay cyber-ransom

Almost half (47 percent) of UK IT directors would 'definitely' be willing to pay a ransom rather than report a breach to the authorities, according to new research from Sophos.

With GDPR now in effect, businesses could end up paying more in penalties than they would to hackers, which is why so many IT directors have considered simply paying a ransom to unlock their data from cybercriminals.

Sophos's research also revealed that 30 per cent of UK IT leaders would 'possibly' consider paying the criminals' ransom if it was lower than the possible penalty for a breach. Only one in five (18 percent) respondents completely ruled out paying off their attackers.

Small businesses were least likely to consider paying a ransomware demand, with more than half (54 percent) of IT directors at UK companies with fewer than 250 employees ruling out paying their attackers.

Ransom over penalties

Of the 906 IT directors and managers surveyed in Belgium, France, Ireland, the Netherlands and the UK, UK IT directors were significantly more likely to pay than their counterparts in other Western European countries.

Irish IT directors were the least likely to pay, with just 19 per cent saying they would 'definitely' be willing to pay a ransom over a larger fine.

IT directors in France, Belgium and the Netherlands were also less likely to pay a ransom. Only 33 per cent of respondents in France, 24 per cent of those in Belgium and 38 per cent of IT directors in the Netherlands said they would 'definitely' be willing to pay.

Adam Bradley, UK Managing Director at Sophos, offered further insight on the findings of the study, saying:

“It is concerning to learn that so many UK IT leaders misunderstand the threat and consequences of even a minor data breach. Companies that pay a ransom might regain access to their data, but it’s far from guaranteed and a false economy if they do it to avoid a penalty. They still need to report the breach to the authorities and would face a significantly larger fine if they don’t report it promptly.

“It is surprising that large companies appear to be those most likely to pay a ransom. It is a mistake for companies of any size to trust hackers, or to expect that they’ll simply hand the data back. Our advice? Don’t pay the ransom, do tell the authorities promptly and make sure you take steps to minimise the chances of falling victim again.”

Anthony Spadafora
