OF “MAJOR CONCERN”
For its survey, Cohesity polled 302 IT and security executives in Singapore between late June and early July, with most hailing from sectors like IT, telecommunications, manufacturing, healthcare and financial services.
Of the 64 per cent who paid ransoms, almost half – 47 per cent – coughed up between US$100,000 and US$499,999.
Nearly all respondents believed the threat of cyberattacks on their industry would increase or had already increased this year.
A significant majority – 80 per cent – said their company would pay a ransom to recover data and restore business processes.
Almost 60 per cent said their company would be willing to pay over US$1 million in ransom, with 16 per cent saying they would shell out over US$5 million.
In April, Singaporean law firm Shook Lin & Bok was hit by a ransomware attack and paid US$1.4 million in Bitcoin to the Akira ransomware group. The attackers’ initial demand of US$2 million was negotiated down after a week.
In the Cohesity survey, 71 per cent of respondents said their companies actually had “do not pay” policies. For 64 per cent to pay up despite such guidelines is a “major concern”, said Cohesity’s global cyber resilience strategist James Blake.
LONGSTANDING ISSUE
Asked to respond to the survey, CSA said cybersecurity firms like Cohesity regularly produce such reports “based on their own intel and research for their various stakeholders”.
“We note that they are, in their own ways, providing insights into the multitude of cyber threats out there in cyberspace,” said the agency. “However, as this is an independent investigation report by a commercial entity, we have no comment on its contents.”
CSA however told CNA it “strongly discourages ransom payments”.
“With ransomware attacks rising globally, it is vital for organisations to take steps to better protect their systems and data from attacks,” it added, noting that measures in this space have been introduced over the years.