Chief executives should be held personally accountable for ransomware attacks against their companies, a new survey has suggested, with many consumers believing that they should give out compensation if their company suffers an attack.
This is according to the findings of a report by international data management firm Veritas Technologies, which suggested that a third of consumers (35%) would hold the bosses of a business directly to account if ransomware attacks were to affect them. A further two thirds of consumers (68%) believe that it would be fair if the company were to pay them a compensation in such an event.
The results came back showing that a slew of interesting opinions are being held to this end. According to the report, for example, if their company falls foul of a ransomware attack, more than two thirds of consumers (35%) would want the boss to pay a fine, with 30% demanding that he/she banned from running a company in the future.
“As consumers, we are increasingly well educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves,” noted Simon Jelly, vice president of product management at Veritas Technologies.
Nearly a third of consumers (29%) would demand that business leaders resign outright following ransomware attacks, while a quarter (25%) would demand that they take a pay cut or be demoted. On the extreme, nearly a full quarter of consumers (23%) would even go so far as to insist that the boss be placed behind bars if his/her company were to fall victim to ransomware. Interestingly, this number is highest in Germany, where as many as 29% of consumer respondents asserted that prison was the ideal punishment.
“The two most essential things that businesses should have in place, according to their customers, are protection software (79%) and backup copies of their data (62%),” Jelly noted in addition to the findings, adding that “if businesses don’t get these basics right, consumers are ready to punish their leadership.”
Ransomware: to pay or not to pay
In addition to these findings, the report found that nearly three quarters of consumers (71%) insisted that bosses get tough on ransomware attacks, saying that they should “stand up” to cybercriminals by refusing to pay the ransom. This belief, however, appears to change when the personal data that is at risk is their own. Should this be the case, the headstrong sentiment would evaporate somewhat, according to the report, with some 55% of consumers saying that they would want the company to pay the ransom in order to save their own sensitive records.
“It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms,” Jelly noted in response to the seemingly contradictory responses. “However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place,” he added.
Notably, when data is held hostage by ransomware attacks, consumers seem to believe that $1,167 is the average price that organizations should pay per affected person. If that stolen data is not able to be restored, nearly two thirds of consumers (65%) reported they would demand compensation from the company, with a significant minority (44%) saying that they would stop buying from a company hit by ransomware no matter the outcome.
Consumer responses amplify ransomware threats
The results of the Veritas Technologies report offer a glimpse into how ransomware attacks affect business through the eyes of the consumers themselves. Results such as these are likely to be of increasing relevance going forward, with ransomware becoming an increasingly prevalent form of attack against businesses. In 2020, for example, cybersecurity firm Sophos found that more than half of all organizations (51%) had been struck by ransomware attacks over the last year, with cybercriminals succeeding in encrypting the stolen data in almost three quarter of those attacks (73%).
As the risk of ransomware continues to mount, companies will likely not only face the fallout from the crime itself, but also the backlash from their customers. “Consumers expect businesses to have the technology in place to restore their data without negotiating,” explained Jelly to this end. “That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place,” he added.