Australian businesses yielding to ransomware groups

In the wake of the ransomware attack on Medibank, McGrathNicol Advisory has released research indicating that 69% of Australian businesses have experienced a ransomware attack in the past five years.

The advisory company’s latest research, published in partnership with YouGov, suggests that in the face of the onslaught, businesses are becoming more willing to make substantial payments to ransomware groups.

Respondents to a survey conducted for the research indicated that they would on average be willing to pay $1.28 million to stop an attack, nearly double the amount they were willing to pay a year ago.

Already 44% of organisations are making a ransom payment within 24 hours to minimise potential damage, up from 23% in 2021.

According to the research, business email compromise or phishing emails remain the most common mode of entry for ransomware attacks. Almost 75% of all ransomware attacks can be attributed to human error, while the remaining 25% are a result of vulnerabilities exploitation and malicious access.

McGrathNicol Advisory Cyber Partner Darren Hopkins said many businesses are facing pressure to pay attackers to keep the lights on rather than risk negotiating.

“Given that almost a third of businesses are willing to pay more than $1 million in ransom payments, and pay quickly, the research shows that business leaders are starting to treat the ransomware threat as they would any other business risk,” he said.

“This is a challenging environment for business leaders, and while many feel as if they don’t have the luxury of time, we want to assure them that there is always help available. Just as we encourage businesses to review and practise fire drills, we urge business leaders to develop and stress-test their cyber resilience plans. When a ransomware attack inevitably occurs, you and your board will know exactly what comes next.”

Image credit: iStock.com/Ja'Crispy