To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
Summary
A recent survey of 750 CISOs indicates that 58% would pay a ransom to recover their data if attacked by ransomware, despite government agencies like the FBI and NCSC advising against it. This willingness to pay persists despite the risk of incomplete data recovery; in a separate IDC survey, 37% of companies hit by ransomware admitted to paying.
IFF Assessment
This article presents bad news for defenders: it highlights a high willingness among CISOs to pay ransoms, which encourages ransomware attackers and perpetuates the threat.
Defender Context
The high percentage of CISOs willing to pay ransoms reinforces the profitability of ransomware attacks, encouraging threat actors and making it harder for defenders to combat the growing threat. Defenders should focus on robust incident response plans, strong backup strategies, and continuous user training to mitigate the impact and reduce the incentive to pay.