With recent high-profile hacks reportedly breaching hundreds of thousands of users’ records, the expectation from users would be for the supplier to pay hundreds of millions of dollars in the hope that their data is returned. This is on top of the cost to businesses of downtime, brand reputation and customer trust.
A ransomware study by Veritas Technologies found that 71% of consumers surveyed believe businesses should stand up to hackers and refuse to pay ransoms. But should the consumer’s own personal data is compromised in an attack, consumers expect businesses to pay an average of US$1,167 per user.
Additionally, 65% thought they should be personally compensated if the company still can’t retrieve the information that’s been stolen.
Simon Jelley, vp product management at Veritas Technologies, said the consumer message is clear: “people want their providers to escape the dilemma of whether to pay, or not to pay, by avoiding the situation in the first place. If businesses want to please their customers, they need to prepare for an attack and be ready to recover from it – so, if the worst happens, they have tried-and-tested recovery procedures in place and there’s no need to pay out.”
The buck stops with the CEO
In the event of a ransomware attack, percentage of consumers say:
• The CEO should face a prison sentence (23%)
• The CEO should be banned from running companies in the future (30%)
• The CEO should pay a fine (35%)
• The CEO should resign (27%)
• The CEO should take a pay cut or be demoted (25%)
• The CEO should publicly apologize (42%)
No win scenario for victims
Jelley believed that paying the ransom only propagates the problem. Attackers will typically leave vulnerabilities in the devices of those businesses that have paid up, enabling them to come back again for recurring revenues.
“Whether companies choose to pay the extortion or not, the real cost of ransomware is downtime, lost productivity and reputational damage. We believe it’s far better then, to have tried-and-tested data protection solution in place before the hackers come with their demands,” he concluded.
The two most essential things that consumers said businesses should have in place are protection software (79%) and backup copies of their data (62%). Businesses that have adopted these technologies are generally considered better able to respond to ransomware attacks since they can normally either prevent an attack, or safely restore their data without needing to pay the attackers’ demands.