Businesses value their data so much more than half will pay cyber criminals to get it back. The AppRiver Cyberthreat Index for Business Survey says 55% of small businesses will pay in the event of a ransomware attack.
And willingness to pay increases to 74% for larger small businesses. In fact, 39% say they will pay almost any price.
This is not surprising because the annual price of cybercrime is costing small businesses more with each passing year. The Better Business Bureau (BBB) says the annual loss is now at almost $80K or $79,841 on average. And the cost to the global economy for 2019 will hit more than $2 trillion.
However, 45% said they will not give in to the extortion of cybercriminals no matter how much the amount is. The position of the organizations greatly depends on their industry. And for those with extremely valuable data, getting their property back at all costs is not out of the question.
This has led companies to view cybersecurity as an off-balance sheet liability, which is what David Wagner, CEO of Zix Corp, the parent company of AppRiver said in the press release.
Wagner explained, “Cybersecurity is no longer just a technology issue; it amounts to an off-balance sheet liability being carried by every company that isn’t adequately protected. Ransom scenarios, whether initiated through social media apps or any attack vector, have the potential to disrupt or destroy a business overnight.”
The urgency in Wagner’s statement is not hyperbole. Because 60% of small companies go out of business within six months after a cyber attack.
According to 84% of the SMB executives in the survey, the use of social media apps and website in the workplace or on a business device is a concern. And not surprisingly Facebook leads the pack.
More than three in four or 77% of respondents said Facebook was a security risk in the workplace. An industry segment which is particularly concerned about the social media platform is telecom SMBs. A clear majority or 83% of all telecom leaders said Facebook was a potential security threat.
As far as the other social media platforms, Pinterest faired better than all the others with only 3% saying it was a concern. Next was Linked in at 13% followed by Snapchat at 15%, WhatsApp at 18%, Instagram at 19%, YouTube at 20% and Twitter at 21%.
Ransomware attacks work because cybercriminals hold valuable data hostage. The more value the data has for an organization, the more they are willing to pay for it.
According to AppRiver, businesses are continually at risk of cyber attacks because their files are in different locations with varying security levels.
In the survey, 48% said they have confidential business data across multiple locations. This includes everything from laptops to smartphones, tablets, and on network drives. And shockingly, 6% said they are too busy to know where their data was stored.
The segments which take the issue of data management seriously are financial services, insurance, healthcare, pharmaceutical, and government SMBs. They said their business data is located on their secured network and nowhere else.
Being Ready for an Attack
Security experts have been warning individuals and organizations about the dangers of cyber attacks for years. But for some reason, not everyone is heeding this advice.
For small businesses, the consequences are grave, which might explain why so many of them are paying the ransom. Dr. Eman El-Sheikh, Director of the University of West Florida Center for Cybersecurity, said as much in the report.
“The high willingness to pay ransom demonstrates the importance of business data to these organizations, however, the growing apathy of threat fatigue could prove to be dangerous. The time is now to institute cyber readiness training, tools and policies.”
By implementing robust security policies, best practices, and strong governance, small businesses can protect themselves from ransomware and other cyber attacks.
The AppRiver Q2 Cyberthreat Index for Business survey was carried out in April 2019. A total of 1,035 cybersecurity decision makers in SMBs took part in the national study. Over 80% of the participants were in leadership positions including CEO, president, owner, CTO or head of IT.
More in: Cybersecurity