Dive Brief:
-
A new report found 84% of U.S. business owners would not pay if they become the victim of a ransomware attack, even if that means permanently losing data.
-
The report, from identity/data protection firm IDT911, also found that despite awareness of the proliferation of ransomware, 65% of businesses have not budgeted extra funds to regain access to systems and data if they were to become ransomware victims.
-
The study also found more than half of respondents do not carry any cyberinsurance protection.
Dive Insight:
A May report from Kaspersky Lab found ransomware is now the most prolific cyberthreat of 2016. And while more than half (60%) of the 1,035 U.S. business owners surveyed by IDT911 acknowledged the severity of ransomware, few said they would succumb to criminal demands to fork over money, despite the fact that only 33% say they could go without access to critical business systems for any length of time.
Some business owners that said they would refuse to pay are helping protect themselves by routinely backing-up their files. But surprisingly, almost a quarter of respondents (22%) said they aren’t sure how to back up their systems and files or were not aware of the need to.
The FBI has also recently warned businesses about the rising flood of ransomware.
"The uptick and variance in ransomware in the first quarter of 2016…has been unbelievable," said James Trainor, cyber division assistant director for the FBI in May. Trainor advised companies that become victims of a ransomware attack not to pay because it only encourages the hackers.
Adam Levin, founder and chairman of IDT911, and author of Swiped, said business owners need to understand the potential severity of ransomware attacks and prepare for them on multiple levels.
“We're talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business,” said Levin. “Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control."