Perspectives on Cyber Risk
Real cost of cyber attacks is reportedly enforced downtime

August 7, 2017 12:32 PM

A recent survey was undertaken in the United States as part of a larger survey of organisations in five additional geographies – the United Kingdom, France, Germany, Australia and Singapore – on ransomware and other critical security issues. The survey was conducted with small to mid-sized businesses during June 2017, with 179 organisations in the United States and 175 in each of the other five nations. In order to qualify for participation in the survey, respondents had to be:

  • responsible for and/or knowledgeable about cybersecurity issues within their organisation, and
  • from an organisation with no more than 1,000 employees.

Survey highlights:

  • The impact of ransomware on small to mid-sized businesses can be crippling: Among small to mid-sized organisations that have experienced a successful infiltration of the corporate network by ransomware, 20% reported that they had to cease business operations immediately, and 12% lost revenue, both slightly lower than the global average.
  • The real cost is disruption to business (downtime), not the ransom demand itself: The survey found the ransom demanded was often (in just over 50% of cases) $1,000 or less and that only 17% of demands were in excess of $10,000. However, the research also found that for 20% of impacted organisations, a ransomware infection caused 25 or more hours of downtime, with some organisations reporting that it caused systems to be down for more than 100 hours. The incidence of high levels of ransomware-induced downtime among US-based organisations was slightly higher than the global average.
  • Email and email attachments are still the most likely source of ransomware infections: The most common source of ransomware infections in US-based organisations is related to email use: 37% came from a malicious email attachment and 27% from a malicious link in an email.
  • 27% of organisations don't know the source of ransomware infections: The survey found that many organisations are unable to identify the source of ransomware infections, and organisations in the United States are three times more likely than the global average to know the source of the infection: only 9% of American organisations did not know the source of the ransomware infection, versus 27% globally.
  • Ransomware infections often spread to other endpoints once they take hold: The research found that in many ransomware attacks the infection is not limited to a single endpoint but can spread to others as well. In fact, in some cases the infection spread to every endpoint on the network. Organisations in the United States were more likely than the global average to see ransomware infections spread beyond the initially infected endpoint but not to every endpoint, and US organisations were also twice as likely to see every endpoint on the network become infected.

Attitudes about paying ransomware demands

  • Most small to mid-sized businesses do not believe they should pay ransomware demands: We found that a sizeable majority of respondents believe that ransomware demands should never be paid, while most of the remaining organisations believe they should be paid if the encrypted data is of value to the organisation. Only a tiny minority believe that ransom demands should always be paid, although American organisations are more than twice as likely to believe they should always be paid.
  • Among those that did not pay the ransom, many lost files as a result: We found that among US-based organisations that did not pay the ransom that was demanded of them, 32% lost files, matching almost exactly the global average.
  • Most organisations want addressing ransomware to be a high priority, but they still lack confidence in their ability to deal with it: The vast majority of organisations give a high or very high priority to addressing the ransomware problem (80% of the American organisations surveyed versus 75% globally); to investing in resources, technology and funding to address the problem (69% compared to 67% globally); and to investing in education and training about ransomware for end users (73% versus 53% globally). Despite these investments, about one-half of the American organisations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.
  • There is variability in attitude between the geographies surveyed: For example, only 16% of French and 17% of German organisations opted to pay the ransom demanded after their most severe ransomware infection, but 43% of British and 46% of Australian organisations opted to do so. Companies in the United States were significantly less likely to pay ransomware demands than the global average (21% versus 28%).

[Sources: The AFR, 02/08/2017; Survey Report: Second Annual State of Ransomware Report: US Survey Results, July 2017 (registration required)]
