UK consumers believes businesses should not negotiate with ransomware attackers, although their tune changes significantly if their own data has been compromised.
This is according to a new report from Veritas Technologies, based on a poll of 2,000 consumers in the UK, which states that 80 percent believe businesses should refuse to pay ransom fees to hackers.
However, if it is their data businesses are negotiating over, consumers believe organisations should pay hackers roughly $860 per user entry.
Further, two thirds (68 percent) believe they should be personally compensated in the event the business fails to retrieve the stolen/encrypted data.
“Whilst it may initially seem like businesses can’t win regardless of whether they pay or not, they are actually getting a clear message from consumers: people want their providers to escape the dilemma of whether to pay, or not to pay, by avoiding the situation in the first place,” said Simon Jelley, VP Product Management at Veritas Technologies.
“Our research shows that, if businesses want to please their customers, they need to prepare for an attack and be ready to recover from it – so, if the worst happens, they have tried-and-tested recovery procedures in place and there’s no need to pay out.”
When ransomware first grew to prominence, businesses were advised not to pay out, but instead to keep a fresh backup at all times and educate their employees not to click on suspicious links or download unsolicited email attachments.
However, with many hackers now exfiltrating and leaking stolen data as well, some law enforcement agencies advise businesses to hold their nose and pay the ransom.