One third of execs would pay hacker’s ransom demands instead of investing in security, report reveals

One third of global business decision makers report that their organisation would try to cut costs by considering paying a ransom demand from a hacker rather than invest in information security. In the UK, this figure drops to a fifth (21%) of respondents.

The findings from the 2018 Risk:Value Report, commissioned by NTT Security, the specialised security company of NTT Group, show that another 30% in the UK are not sure if they would pay or not, suggesting that only around half are prepared to invest in security to proactively protect the business.

Examining business attitudes to risk and the value of information security, NTT Security’s annual Risk:Value Report surveys C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from multiple industry sectors.

The findings are particularly concerning, given the growth in ransomware, as identified in NTT Security’s Global Threat Intelligence Report (GTIR) published in April. According to the GTIR, ransomware attacks surged by 350% in 2017, accounting for 29% of all attacks in EMEA and 7% of malware attacks worldwide.

Confidence levels unrealistic

Levels of confidence about being vulnerable to attack also seem unrealistic, according to the report. 41% of respondents in the UK claim that their organisation has not been affected by a data breach, compared to 47% globally. More realistically, of those in the UK, 10% expect to suffer a breach, but nearly a third (31%) do not expect to suffer a breach at all. More worrying is the 22% of UK respondents who are not sure if they have suffered a breach or not.

Given that just 4% of respondents in the UK see poor information security as the single greatest risk to the business, this is unsurprising. Notably, 14% regard Brexit as the single greatest business risk, although competitors taking market share (24%) and budget cuts (18%) top the table.

Business impact and estimated costs of a breach

When considering the impact of a breach, UK respondents are most concerned about what a data breach will do to their image, with almost three-quarters (73%) concerned about loss of customer confidence and damage to reputation (69%). The highest figures for any country.

The estimated loss in terms of revenue is 9.72% (compared to 10.29% globally, up from 2017’s 9.95%). Executives in Europe are more optimistic, expecting lower revenue losses than those in the US or APAC.

Kai Grunwitz

The estimated cost of recovery globally, on average, has increased to $1.52m (€1.30m), up from $1.35m (€1.15) in 2017, although UK estimates are lower at $1.33m (€1.14) this year. Globally, respondents anticipate it would take 57 days to recover from a breach, down from 74 days in 2017. However, in the UK, decision makers are more optimistic believing it would take just 47 days to recover, one of the lowest estimates for any country.

Kai Grunwitz, senior VP EMEA, NTT Security, comments: “We’re seeing almost unprecedented levels of confidence among our respondents to this year’s report, with almost half claiming they have never experienced a data breach. Some might call it naivety and perhaps suggests that many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry.

While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

Whose responsibility is security anyway?

According to Risk:Value, there is no clear consensus on who is responsible for day to day security, with 19% of UK respondents saying the CIO is responsible, compared to 21% for the CEO, 18% for the CISO and 17% for the IT director. Global figures are very similar.

One area of concern, however, is whether there are regular boardroom discussions about security, with 84% of UK respondents agreeing that preventing a security attack should be a regular item on the Board’s agenda. Yet only around half (53%) admit it is and a quarter don’t know.

How prepared are organisations?

UK respondents estimate that the operations department spent noticeably more of its budget on security (17.02%) than the IT department did (12.94%). This compares to the global figures of 17.84% (operations) and 14.32% (IT), on average.

Each year the NTT Security Risk:Value report shows that companies are still failing when it comes to communicating information security policies. An impressive 77% in the UK (compared to 57% globally) claim to have a policy in place, while 10% (26% globally) are working on one. While 85% of UK respondents with a policy in place say this is actively communicated internally, less than a third (30%) admit that employees are fully aware of it.

In terms of incident response planning, the UK is the most well prepared with 63% of respondents saying their organisation has already implemented a response plan, well above the global figure of 49% , while 18% are in the process. Just 1% in the UK say they have no plans to implement an incident response plan.

“The UK is leading the pack when it comes to planning for a security breach or for non-compliance of information/data security regulations,” adds Kai Grunwitz. “Given that the GDPR has just come into force, this is encouraging. However, while the majority claim their information security and response plans are well communicated internally, it seems it’s only a minority who are ‘fully aware’ of them. This continues to be an area that businesses are failing on time and time again and needs to be addressed as a priority.”

For further information on NTT Security’s 2018 Risk:Value report and to download a copy click here.

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

RECENT ARTICLES
Background design with neon fingerprint

WISeKey launches SeyID Digital Identity platform in Seychelles

Posted on: April 23, 2024

WISeKey has announced it has the project to deliver a new Digital Identity platform, “SeyID”, by the government of Seychelles. SeyID will be linked with different national initiatives covering eGovernment, eTourism and eHealth.

Read more
white house green cloth assortment

Smart home technology saves money and helps protect the planet

Posted on: April 22, 2024

In the global battle against climate change and to be more sustainable, the quest for energy efficiency has taken centre-stage. The focus on sustainability is an increasing emphasis on humanity’s finite resources and the effect of our energy-consumption habits on the world around us. This heightened awareness is leading to a radical rethinking of how

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more