Most Australian businesses paying ransoms
Despite all the advice against doing so, Australian businesses are still all too willing to pay a ransom after falling victim to a ransomware attack rather than face loss of critical data, research suggests.
A survey commissioned by McGrathNicol and conducted by YouGov found that 73% of businesses falling victim to a cyber attack in the past five years chose to pay the ransom demand.
Even among businesses yet to experience an attack, 70% of respondents said they would be willing to pay a cyber ransom.
Among businesses which did pay a ransom, 74% did so within 48 hours, while 37% did so within 24 hours. The average ransom paid by these businesses was $1.03 million, but business leaders would be willing to pay an average of $1.32 million.
The survey found that in the past five years, 42% of medium to large businesses have fallen victim to a single attack, with a further 14% having been targeted multiple times.
McGrathNicol Advisory Cyber Partner Darren Hopkins said the findings show that the Australian Government’s messaging strongly advising against paying ransomware attackers has been mostly falling on deaf ears.
“Businesses are still overwhelmingly paying ransoms, and paying them quickly, to avoid negative backlash from customers, partners and stakeholders. It’s now being factored in as a cost of doing business,” he said.
“The research shows that executives are becoming empathetic and less hard-nosed about reporting these attacks to authorities. But without greater collaboration and knowledge-sharing, our ability to prevent ransomware attacks is undermined. This intelligence can help business leaders make informed decisions rather than rushing into paying an expensive, and potentially illegal, ransom.”
The survey also found that only 60% of executives polled support mandatory reporting following a ransomware attack, down from 75% in 2022. Less than half (46%) of respondents meanwhile agree that it should be mandatory to report an attack even if a ransom hasn’t been paid.
The top reasons for paying a ransom include attempting to minimise potential harm to stakeholders, reduce brand damage and avoid sensitive information being leaked, the research found.
Semperis discovers critical flaw in Windows Server 2025
Semperis researchers have discovered a method of exploiting what they say is a critical design...
Trustwave launches anti-phishing service for Microsoft 365
Trustwave's new managed service is designed to provide organisations using Microsoft 365...
Cyber attackers using sophisticated deepfake tools: report
A new report from Trend Micro demonstrates that malicious actors are using convincing deepfake...