IBM Study: Businesses More likely to Pay Ransomware than Consumers
70% of Businesses Impacted Paid Cybercriminals; half paid over $10,000
Consumers Motivated to Pay When Financial Info, Digital Family Memories Threatened
Dec 14, 2016
CAMBRIDGE, Mass., Dec. 14, 2016 /PRNewswire/ -- IBM Security (NYSE: IBM) today announced results from a study finding 70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data.
Ransomware is an extortion technique used by cybercriminals where data on computers and other devices is encrypted and held for ransom until a specified amount of money is paid. The IBM X-Force study, "Ransomware: How Consumers and Businesses Value Their Data" surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data. Some key findings from consumers include:
Ransomware was one of the leading cybersecurity threats in 2016 with the FBI estimating cybercriminals, in the first three months of this year, making a reported $209 million. This would put criminals on pace to make nearly $1 billion in 2016 from their use of the malware. In fact, according to IBM X-Force research, ransomware made up nearly 40 percent of all spam e-mails sent in 2016, demonstrating a significant increase in the spread of the extortion tool.
Businesses Paying Up
As part of the survey, nearly 60 percent of all business executives indicated they would be willing to pay ransom to recover data. The data types they were willing to pay for included financial records, customer records, intellectual property and business plans. Overall, 25 percent of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.
Small businesses remain a ripe target for ransomware. Only 29 percent of small businesses surveyed have experience with ransomware attacks compared to 57 percent of medium size businesses. While cybercriminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable. The study found that only 30 percent of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.
Consumers Can be Motivated to Pay
For example, 54 percent of participants would be willing to pay for financial data and 43 percent were willing to pay for access back to their mobile device. When asked to put a value on different types of data, 37 percent of consumers said they would pay over $100 to get data back. For comparison, IBM X-Force typically sees ransomware demanding approximately $500 or higher, depending upon the victim and the time lapse they wait before paying.
Cybercriminals are having their best success leveraging ransomware against parents. In fact, 39 percent of parents surveyed have experience dealing with ransomware while overall 29 percent of non-parents indicated some experience.
IBM's analysis determined that parents are more motivated to pay due to sentimental value and children's happiness. For example, 71 percent of parents surveyed were most concerned about their family digital photos and videos being threatened with only 54 percent of non-parents showing the same concern. Overall, 55 percent of parents would pay for access back to the photos while only 39 percent of non-parents would pay.
Access to gaming devices, likely used by children, were also highly ranked by parents as most concerning to them. In fact, it was second to photos and video with 40 percent of parents reported being worried about losing access to these devices versus 27 percent of non-parents.
"While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets," said Limor Kessem, Executive Security Advisor, IBM Security and the report's author. "The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security."
Preparing for and Responding to Ransomware
For additional tips and details on the survey findings, you can download the full report at: https://ibm.biz/RansomwareReport.
In addition, Resilient, an IBM Company, today announced an industry-first Dynamic Playbook to help organizations respond to ransomware and other complex attacks. Resilient Dynamic Playbooks orchestrate response in real-time, adapting the actions organizations need to take in response to cyberattacks as they unfold.
If you are a victim of ransomware, the FBI and other law enforcement agencies advise victims to avoid paying a ransom to cybercriminals. They do recommend you report a cybercrime, including becoming the victim of ransomware to the appropriate authorities:
About IBM Security
About the Study
The margin of error for the study for the total business audience is +/- 3.88% at the 95% confidence level (and +/- 5.5% at the 95% confidence level for individual company sizes). The margin of error for the consumer study is +/- 3.07% at the 95% confidence level.
|Powered by MediaRoom|