A Third of Companies Would Consider Paying Hackers

Several companies are opting for short-term reactive cybersecurity despite high profile ransomware attacks.

• By Sydny Shepard
• Jun 05, 2018

A third of organizations would choose to pay a ransom instead of investing more in security according to a survey by NTT Security.

Decision makers at organizations around the work were asked if they would consider paying a ransom by a hacker rather than invest money in security measures because it would be cheaper. On average, a third of the surveyed said yes. An additional 16 percent said they didn't know what they would do.

According to the survey, organizations in Norway, France, Germany and Austria are most likely to give into a ransom over investing in security, with 40 percent of firms stating they'd consider taking this approach.

Thirty-five percent of U.S. firms said they would consider giving into a hacker's ransom. The country that would be least likely to choose the course of action was found to be the U.K., but the number still show about one in five of U.K. organizations would rather pay the ransom.

All this comes in the wake of high-profile ransomware attacks like WannaCry and NotPetya, which both demonstrated how vulnerable organizations can be to cyber attacks.

"While it is encouraging that many organizations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs," said Kai Grunwitz, Senior VP for EMEA at NTT Security.

Those taking a "wait and see" approach to cybersecurity are taking risks on a number of levels: there information is open for the taking and if they do decide to play the hacker's game, there is no guarantee the hacker will keep up their side of the deal.