Ransomware is a scourge on businesses but much more than that it can impact consumer confidence in a business, especially if said consumer’s data is stolen during a ransomware attack.
A study by Veritas of 12 000 consumers in China, France, Germany, Japan, the UK and the USA yielded some very interesting results.
The survey dealt with who is responsible following a ransomware attack and while many enterprises would argue the chief information officer is where the buck stops, consumers disagree.
As many as 40 percent of respondents blame CEOs if their company is breached by ransomware. Of that 40 percent, 42 percent expect a public apology, 35 percent want the CEO to pay a fine.
But the Veritas study shows us that perhaps consumers aren’t the best source of advice when it comes to cybersecurity. We say this because while 71 percent of consumers surveyed say companies should stand up to cybercriminals and refuse to pay a ransom, consumers also expect companies to pay $1 167 for data being held at ransom.
However, Veritas vice president of product management, Simon Jelley explains the contrasting opinions are a bit more nuanced.
“It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place. Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place,” said Jelley.
As mentioned at the top of this story ransomware can impact your business reputation negatively. Veritas’ survey shows this is particularly true in Japan and China where 49 percent and 51 percent of respondents (respectively) said they’d drop a company’s service should it be attacked.
One thing consumers seem to have right though is what protections a company should have in place. These include security software as well as tried and tested backups of data.
All of this having been said, there is a glaring issue here – consumers don’t seem to understand how cybercrime is tackled at a corporate level. While the secrecy of security is necessary perhaps firms could embark on education campaigns with the public to explain how the process works.
[Source – Veritas]