Oscar Williams

News editor

“One in five” UK businesses would rather pay a ransom fee than invest in cyber defences

A fifth of UK businesses would rather pay a ransom fee at a later date than invest more money in cyber security now, according to new research released ahead of Infosecurity Europe 2018.

Researchers commissioned by NTT Security quizzed more than 1,200 business decision-makers around the world about their perceptions of cyber risk.

They found that as many as one in three businesses globally would prefer to pay the fee, but that organisations in the UK were the least likely of the twelve surveyed nations to do so.

Germany and Austria topped the list, with 41 per cent of respondents reporting that their businesses would rather cash out later than make proactive investment in cyber defences.

While UK businesses were the most likely to have adopted an information security policy, just 30 per cent said employees were fully aware of it. Meanwhile, 63 per cent have implemented a cyber response plan – the most of any nation surveyed.

“The UK is leading the pack when it comes to planning for a security breach or for non-compliance of data security regulations,” said NTT’s Kai Grunwitz. “Given that the GDPR has just come into force, this is encouraging.”

“However, while the majority claim their information security and response plans are well communicated internally, it seems it’s only a minority who are ‘fully aware’ of them,” Grunwitz added. “This continues to be an area that businesses are failing on time and time again and needs to be addressed as a priority.”

The risks of relying on ransomware payments were laid bare last year. When the NotPetya virus started spreading, many organisations found they were unable to pay the ransom. Payments were directed to an email account that was swiftly shut down.

“This [malware] is definitely not designed to make money,” security expert, the Grugq, said at the time. “This is designed to spread fast and cause damage, with a plausibly deniable cover of ransomware.”