About a quarter, 24.6 percent of companies would be willing to pay a ransom to hackers to prevent a cyberattack; and 14 percent would pay more than $1 million. That is according to a survey released by the trade body the Cloud Security Alliance (CSA). The survey (done alongside Skyhigh Networks) was analysing cloud security trends such as ransomware, the security skills gap and role of the CISO. Other findings include:
The top barrier to stopping data loss in the cloud is a lack of skilled security professionals; and
Cloud confidence is rising: 64.9 percent of IT leaders think the cloud is as secure or more secure that on premises software
Putting these findings into context, Skyhigh also released real-life data of more than three million European cloud users and 16,000 cloud applications, in its latest European Cloud Adoption and Risk Report (CARR) – for the fourth quarter of 2015. The report suggests that by the end of 2015, for the first time ever, the average European enterprise now uses more than 1000 cloud applications – with some companies using as many as 6000. The report also found a rise in EU-based cloud services, which nearly doubled over a six month period (from 14.3 percent to 27 percent of services) and that only 8.1 percent of the 16,000 services analysed meet enterprise requirements for data and privacy.
Nigel Hawthorn, Skyhigh Networks’ Chief European spokesperson, says: “It’s shocking that so many companies are willing to pay even a penny’s ransom, and would trust hackers not to follow through with an attack. The idea that some would pay more than $1m is downright staggering. There are no guarantees at any price, and there is no way back once the payment is made.
“Examples of companies refusing to pay up, such as Meetup.com, are few and far between. As such, hackers are increasingly confident they can hold businesses over a barrel, that they can execute crippling cyberattacks and that most businesses would rather pay up than put up. There will be several high profile examples of ransomware in 2016, and countless unreported incidents on top of that.”
