05 June 2018 | Natalie Bannerman
One third of global business decision makers say their organisations would pay a ransom demand from a hacker rather than invest in information security.
The findings come from the 2018 Risk: Value Report by NTT Security, which found that the trend arises because companies want to cut the costs associated with investing in robust information security.
"We’re seeing almost unprecedented levels of confidence among our respondents to this year’s report, with almost half claiming they have never experienced a data breach," said Kai Grunwitz, senior VP of EMEA at NTT Security. "Some might call it naivety and perhaps suggests that many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than
According to the report, in the UK this figure sits around 21%, and a further 30% of businesses in the UK are not sure if they would pay the ransom or not, indicating that only approximately half are prepared to proactively invest in
There also seems to be a distorted perception of confidence among UK respondents. 41% claim that their organisation has not been affected by a data breach, compared to 47% worldwide. Conversely, 10% expect to suffer a breach, 31% do not expect to suffer a breach at all and, interestingly, 22% say that they are not sure if they have suffered a breach or not.
"This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs," added Grunwitz.
Image and perception came top of the list when respondents were asked how a data breach will impact their business most, with almost three quarters (73%) concerned about loss of customer confidence, and damage to reputation next at 69%. In revenue terms an estimated 9.72% is the predicted loss a company could expect to take
Earlier this year NTT Security produced its Global Threat Intelligence Report (GTIR), in which it reported that ransomware attacks increased by 350% during 2017 alone, accounting for 29% of all attacks in EMEA and 7% of malware attacks
As for organisational responsibility for information security, the results were mixed. 19% of UK respondents said the chief information officer is responsible, compared to 21% for the chief executive officer, 18% for the chief information security officer and 17% for the IT director.
In terms of preparedness, 17.02% of respondents said that their operations departments spent more of their budget on security and 12.94% said they noticed an increase in security spending in their IT departments, compared to 17.84% and 14.32% in operations and IT worldwide.
77% of UK organisations and 57% globally say they have a security policy in place, while 10% in the UK and 26% globally are working on one. 85% of UK respondents with a policy in place say that it is actively communicated, with 30% claiming that their employees are fully aware of it.
"The UK is leading the pack when it comes to planning for a security breach or for non-compliance of information/data security regulations," continued Kai Grunwitz. "Given that the GDPR has just come into force, this is encouraging. However, while the majority claim their information security and response plans are well communicated internally, it seems it’s only a minority who are 'fully aware' of them. This continues to be an area that businesses are failing on time and time again and needs to be addressed as a priority."