Many businesses would now rather pay ransom to hackers than risk huge GDPR fines, new research has found.
A report by Sophos out today found that 47 per cent of IT directors would 'definitely' pay a ransom fee to hackers who stole their company data.
Another 30 per cent would consider paying if the ransom was lower than the GDPR fine. Just 18 per cent said no.
“It is concerning to learn that so many UK IT leaders misunderstand the threat and consequences of even a minor data breach,” said Adam Bradley, UK managing director at Sophos.
“Companies that pay a ransom might regain access to their data, but it’s far from guaranteed and a false economy if they do it to avoid a penalty. They still need to report the breach to the authorities and would face a significantly larger fine if they don’t report it promptly.”
Small businesses are less likely to pay the ransom. When it comes to countries, Ireland has IT directors who are least likely to pay the ransom. The Netherlands, Belgium and France have the highest percentage of those who’d ‘definitely’ pay.
“It is surprising that large companies appear to be those most likely to pay a ransom. It is a mistake for companies of any size to trust hackers, or to expect that they’ll simply hand the data back. Our advice? Don’t pay the ransom, do tell the authorities promptly and make sure you take steps to minimise the chances of falling victim again,” he added.
Confidence about GDPR compliance is strongest among UK IT directors, but just 13 per cent of them said they had the tools to prove compliance in the event of a breach.
“The best way to avoid paying is to stay one step ahead of the cybercriminals. Hackers tend to rely on phishing emails, unpatched software and remote access portals to gain access, so make sure your systems and people are able to spot the signs of attacks. Patch early and patch often, and secure remote access points with proper passwords and multi-factor authentication.”