To Pay or Not to Pay? Empirical Studies Show Keys to Ransomware Decisions

Are companies that refuse to pay a ransom happier that those that pay out? Two new data-driven studies of ransomware payments offer detailed insight into victim companies’ decisions about how to recover from the attacks; one survey reveals that companies that refused to pay cybercriminals ended up more satisfied than those that did. In this first article in a two-part series, we examine the factors beyond viable backups that helped companies avoid paying ransoms and the recent expansion of perpetrators’ pressure tactics, with commentary from the studies’ authors at NCC Group and Booz Allen Hamilton. Part two will offer a guide to preparing for payment decisions and will also describe structured approaches to navigating an attack and putting a value on the potential losses. See “New Pressures Shift Best Practices for Ransomware Crisis Communications” (Oct. 13, 2021).

To read the full article

Continue reading your article with a CSLR subscription.