More than a third of Dutch C-level managers believe their organization should pay up after a ransomware attack. The opinion contradicts the advice of security professionals worldwide.
Sophos interviewed C-level managers on ransomware. The survey is troubling. 36 percent believe their organization should pay after a ransomware attack. Nearly half reason that a payment is the fastest way to get the business up and running. Just over a quarter argue that the organization cannot afford downtime.
Interestingly, 29 percent say their data is too confidential to put at risk. This group implies that cybercriminals don’t leak data after a ransom payment. Unfortunately, they do. A ransom payment is no guarantee of data preservation. Some attackers choose to sell stolen data after an organization pays the ransom.
“Never pay”, emphasizes Chester Wisniewski, Principal Research Scientist at Sophos. “If you do, you are funding organized crime. There’s no guarantee that these criminals will return your data. They may also ask for additional money before you get all your encryption keys back.”
Respond or prevent?
More than a third of those surveyed say they do not have a concrete cybercrime plan. One in 10 managers says that no one is responsible for coordinating the response after a cyberattack.
“The reactive approach is worrying”, Wisniewski states. “Attacks have an effect on the entire organization. Therefore, cybercrime plans must be comprehensive — not just focused on the IT infrastructure. Everyone needs to know their role when an attack occurs. That keeps an organization running.”