A new report commissioned by NTT Security, the NTT Group’s centre of excellence in security, shows that one third of global businesses would pay malware ransoms rather than develop stronger cyber defences.
The report, entitled ‘2018Risk:Value’, surveyed some 1,800 respondents from 12 countries, to determine their views on how data breaches, malware and ransomware attacks and other cyber threats impact business. In particular, the report surveyed business executives from outside the IT sector, to specifically examine business attitudes towards risks around information security and the value of data.
The results of the report showed that one third of the business decision makers globally said that they would prefer to pay malware ransoms to hackers than to invest more money over the long term in cyber security.
What direct impact could these figures have?
In the UK, around 21% of respondents said that they would pay malware ransoms, and a further 30% could not say for certain whether they would pay or not. This means that only around half of respondents were in favour of investing in strong cyber security to proactively tackle hacking, data breaches and other threats.
Further, just 4% of respondents in the UK view poor information security as the single greatest business risk, even in light of the fact that ransomware attacks rose in volume by 350% in 2017, and accounted for some 7% of all malware attacks worldwide. The cost of recovery from attacks is also increasing, rising from $1.35m (~€1.15m) in 2017 to $1.52m already in 2018.
Why are business leaders reluctant to invest in cybersecurity?
According to Kai Grunwitz, senior vice president on NTT Security, the report demonstrates unprecedented confidence on the part of business owners that they will not be impacted by data breaches and other cyber threats.
He explained: “Some might… suggest that many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view. … While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”