SCOTTSDALE, Ariz., June 21, 2016 /PRNewswire/ -- Business owners in the U.S. recognize the severity of ransomware and the potential disruption to business operations, yet 84 percent say they would not pay in the event of an attack, according to a new survey by IDT911™, a leading data security and identity theft protection firm. Of these business owners, some routinely back-up their business files and could therefore restore processes, whereas others simply wouldn't pay cybercriminals—even if it meant not recovering information.
Industry pundits have predicted 2016 to be the year of ransomware, following a dramatic uptick last year of cybercriminals holding businesses' digital systems hostage in exchange for money. The FBI's Internet Crime Compliant Center reports a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million dollars.1 And since January 1, Symantec Security Response has seen an average of 4,000 ransomware attacks per day—a 300-percent increase from last year.2
While such interference is detrimental to organizations of all sizes, every minute a business is forced to spend offline, is particularly damaging to revenue streams. More than half (60 percent) of business owners acknowledge this vulnerability and agree that they would immediately report the attack to law enforcement authorities, as one out of three respondents (33 percent) say they could not go without access to critical business systems for any length of time.
Despite a heightened awareness of ransomware threats, survey responses indicated that business owners may place too much confidence in their backup systems and processes: A majority (65 percent) currently do not, nor plan to, budget extra funds to regain access and more than half (52 percent) do not have cyber insurance protection.
"Ransomware is the Zika virus of the business world and there is absolutely no telling how far and wide this will spread," said Adam Levin, founder and chairman of IDT911, and author of Swiped. "Training alone isn't enough, cyber insurance alone isn't enough and, sure as heck, backed-up data alone isn't enough. We're talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business. Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control."
Additional key findings include:
- Only three percent say they would pay $10,000 or more in a ransomware attack, whereas 10 percent would pay between $1 and $100.
- Nearly a quarter of business owners (22 percent) say they are unsure how to, or were not aware of the need to, back up their system and files.
- A mere five percent of business owners currently set aside funds in case of ransomware attacks.
- Female business owners are more likely than men to report ransomware attacks to authorities right away.
- Millennials (ages 18 to 34) are more likely to have cyber insurance protecting their business than those respondents aged 35 to 44.
1 U.S. Federal Bureau of Investigation 2015 Internet Crime Report, May 2016
2 Symantec Corp. 2016 Internet Security Threat Report, April 2016
The findings are based on a Google Consumer Survey of 1,035 people in the U.S., aged 18 and over, who identified themselves as small- or medium-sized business owners (companies between 1-999 employees). The survey was weighted against the U.S. Census Bureau Current Population Survey for age, gender and region of the United States to be representative of the population.
IDT911™ is the leading provider of services that help businesses and their customers defend against data breaches and identity theft. IDT911's unique approach—delivering proactive protection, preventive education, and swift resolution—offers unrivalled support for more than 660 client partners and 17.5 million households. Through IDT911 Consulting™, IDT911 delivers information security and data privacy expertise to help businesses avert and respond to data loss. Based in Scottsdale, Ariz., the company has several locations in the U.S. and Canada, as well as in Ireland to serve partners in Europe.