SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Majority of Aussie businesses ready to pay cyber ransom, survey shows
Tue, 14th Nov 2023

In light of ongoing cyber attacks impacting Australian companies, a recent report by McGrathNicol Advisory discloses the larger impact of the ransomware menace facing businesses in the country.

The report, now in its third year, was instituted in partnership with YouGov, and presents a comprehensive survey of 500 business owners, partners, directors and C-suite leaders across companies housing more than 50 employees.

Tabulated research reveals that an alarming 73% of these surveyed Australian businesses have been victims of a cyber-attack in the past five years and yielded to paying a ransom.

Significantly, it further cites that 70% of businesses, embracing even those yet unscathed by an attack, assert willingness to pay a cyber ransom, thus trimming any hopes of governmental advisories against ransomware payments making an impression within the business community.

Darren Hopkins, Cyber Partner at McGrathNicol Advisory, said: "Businesses are still overwhelmingly paying ransoms, and paying them quickly, to avoid negative backlash from customers, partners and stakeholders. It's now being factored in as a cost of doing business."

Additional key findings include indications that businesses are paying ransomware demands swiftly, with 74% completing the transaction within 48 hours - a percentage consistent with previous years.

However, an ill-founded veil of confidence seems to cloud these businesses in terms of their preparedness to tackle an attack. While 88% of executives appear assured of their defence mechanisms, only 61% of these organisations have developed a cyber incident response plan with an additional 18% unsure of its existence.

Providing a relief, cyber insurance apparently offers a sense of security with 80% of businesses deeming their policy good value, and 64% agreeing that their policy protection provides peace of mind.

Delving into the most common mode of entry of such attacks reveals the prevalence of email phishing, which formed the source in 30% of all ransomware attacks in 2023.

The report also makes startling revelations on the topic of reporting ransom-related infractions to authorities. Reversing the trend of 2022 where 75% of executives supported mandatory reporting, the current year sees a slump in this figure with only 60% of executives supporting mandatory reporting and less than half suggesting reporting the attack when a ransom hasn't been paid.

Hopkins further commented: "The research shows that executives are becoming empathetic and less hard-nosed about reporting these attacks to authorities. But without greater collaboration and knowledge-sharing, our ability to prevent ransomware attacks is undermined."

Blare Sutton, Cyber Partner at McGrathNicol Advisory, added: "The growing acceptance of ransomware payments indicates that the threat is becoming normalised. However, this isn't making businesses safer, it is merely continuing to fund the activities of cyber criminals who are evolving and diversifying their attacks."