Revealing new data
Third of firms willing to pay ransom to cyber attackers
Only a third of firms have a financial plan to counter cyber attacks
More than a third of companies would pay a ransom to get their systems and data back in the case of a cyber-attack, according to a revealing new survey.
It showed that 34% were willing to forfeit funds to settle with hackers while more than one in ten (13%) would pay £1 million or more.
The findings from Lloyds Bank reveal the extent of company vulnerability to attacks from cybercriminals with only a third having a financial plan in place.
The bank’s “Cyber Beyond IT” event for businesses explored how the growing digitisation of businesses, their supply chains, and the emergence of the Internet of Things is accelerating companies’ risk of disruption from a cyber-attack and that the financial implications are often overlooked.
The audience poll, which canvassed the views of over 150 executives (from small and medium sized businesses up to larger global corporates) showed that only a third (32%) have a financial resilience plan in place.
Giles Taylor, head of data & cybersecurity at Lloyds Bank Commercial Banking said: “The world is moving quickly and the reality today is that the economic impacts of cyber security can no longer be ignored. Until recently cyber has been seen as a problem for the IT department to manage but when the worst happens, the whole business suffers.
“A startling finding is that over a third of companies would pay a ransom to retrieve their data from an attacker when there is no guarantee that a business will get its data back or that its systems will be safe to use again.”
Further findings show that:
- Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber-attack; almost a fifth (18%) said one year or more to recover.
- More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.
- Only half (53%) of companies regularly discuss cyber risk at their board meetings
- Only a quarter (24%) of firms have dedicated cyber insurance
Mr Taylor added: “A common problem faced by businesses is failing to understand the full financial impact of a cyber-attack.
“Businesses recognise that there will be disruption but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous.
“A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm’s ability to pay staff or suppliers and stay afloat.
“Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber-attack and don’t always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber-response activity so that they are better equipped to minimise any potential harm.”