Most Australian businesses paying ransoms

By Dylan Bushell-Embling
Wednesday, 15 November, 2023

Most Australian businesses paying ransoms

Despite all the advice against doing so, Australian businesses are still all too willing to pay a ransom after falling victim to a ransomware attack rather than face loss of critical data, research suggests.

A survey commissioned by McGrathNicol and conducted by YouGov found that 73% of businesses falling victim to a cyber attack in the past five years chose to pay the ransom demand.

Even among businesses yet to experience an attack, 70% of respondents said they would be willing to pay a cyber ransom.

Among businesses which did pay a ransom, 74% did so within 48 hours, while 37% did so within 24 hours. The average ransom paid by these businesses was $1.03 million, but business leaders would be willing to pay an average of $1.32 million.

The survey found that in the past five years, 42% of medium to large businesses have fallen victim to a single attack, with a further 14% having been targeted multiple times.

McGrathNicol Advisory Cyber Partner Darren Hopkins said the findings show that the Australian Government’s messaging strongly advising against paying ransomware attackers has been mostly falling on deaf ears.

“Businesses are still overwhelmingly paying ransoms, and paying them quickly, to avoid negative backlash from customers, partners and stakeholders. It’s now being factored in as a cost of doing business,” he said.

“The research shows that executives are becoming empathetic and less hard-nosed about reporting these attacks to authorities. But without greater collaboration and knowledge-sharing, our ability to prevent ransomware attacks is undermined. This intelligence can help business leaders make informed decisions rather than rushing into paying an expensive, and potentially illegal, ransom.”

The survey also found that only 60% of executives polled support mandatory reporting following a ransomware attack, down from 75% in 2022. Less than half (46%) of respondents meanwhile agree that it should be mandatory to report an attack even if a ransom hasn’t been paid.

The top reasons for paying a ransom include attempting to minimise potential harm to stakeholders, reduce brand damage and avoid sensitive information being leaked, the research found.


Related News

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

ISACA identifies gaps in AI knowledge, training and policies

85% of digital trust professionals say they will need to increase their AI skills and knowledge...

VNC accounts for nearly all remote desktop attacks

Virtual Network Computing accounted for 98% of remote desktop attacks recorded by Barracuda last...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd