C-Suite execs say they won’t pay ransom attacks, until they get hacked; Telecommuting, IoT, and wearables are among rising security concerns
How many businesses will pay a ransom if attacked? It might depend on if they have already been a victim of ransomware. Some 84 percent of U.S. and U.K. information technology executives at firms that had not faced ransom attacks said they would never pay a ransom. But among firms that had been attacked, 43 percent paid, according to Radware’s 2016 Executive Application & Network Security Survey.
Radware polled more than 200 IT executives across the U.S. and U.K. The study found that U.S. companies were far more willing to admit that they would pay a ransom. Among U.S. firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent in the U.K. Companies that paid ransoms reported an average of $7,500 in the U.S. and £22,000 in the U.K, said the release.
In addition to the responses to ransom attacks, Radware’s 2016 Executive Application & Network Security Survey found which security threats most weigh on the minds of the C-suite and senior executives.
Senior executives see former bad guys as the best way to test their systems. Some 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so, with one respondent saying, “Nothing beats a poacher turned gamekeeper.”
Work-from-home arrangements are seen as an increasing risk. The survey found a big jump in changes to telecommuting policies, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.
While about one in three companies implemented security policies around wearables in the last two years, 41 percent said they still have no rules in place, leaving a growing number of end points potentially vulnerable. Perhaps this is because wearables aren’t seen as a major target—only 18 percent pointed to wearables when asked what hackers would most likely go after in the next three to five years.
While wearables were less of a concern, many executives surveyed think the Internet of Things (IoT) could become a bona fide security problem. Some 29 percent said IoT devices were extremely likely to be top avenues for attacks, similar to the percentage of nods received for network infrastructure, which received 31 percent
When executives named the top two risks they face from cyberattacks, brand reputation loss led the pack, with 34 percent of respondents choosing that as a big fear. Operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.
On behalf of Radware, Merrill Research surveyed 205 IT executives (104 in the U.S. and 101 in the U.K.) in April and May 2016. To participate in the 2016 Executive Application & Network Security respondents were required to be at a company with at least $50 million (or equivalent) in revenue and hold a title of senior vice president level or higher. By design, the survey’s respondents were equally split between C-level executives and senior vice presidents. About half of the companies in the survey have 1,000 to 9,999 employees, averaging about 3,800, said the release.
Carl Herberger, Radware’s Vice President of Security Solutions commented, “This is a harbinger of the challenging decisions IT executives will face in the security arena. It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”