#privacy: 40% of IT Pros would illegalize ransomware payments

Research has revealed that almost 58% of IT security professionals would pay a ransom to get their data back.

A survey of 145 IT security professionals who had visited the AT&T booth at this year’s Black Hat USA, found that about 40% of respondents believe that paying a ransom to regain data should be made illegal. 

The security professionals were asked about how adequate their defences against ransomware were, to which surprisingly 69% claimed they were prepared for a ransomware attack. Whilst 31% cited that they were not sure. 

These results are “ pretty surprising” Rick Langston, lead product manager at AT&T Cybersecurity commented, considering that ransomware attacks on businesses have increased in the first quarter of 2019 by 195% since the last quarter of 2018, as reported by Malwarebytes

“Only time will tell if our respondents are as prepared as they feel. We hope everyone is double checking their backups in the meantime.”

The survey also wanted to understand how security buyers felt about their security programs and their “ever-increasing complexity”. It was discovered that over 30% of respondents use at least 20 products, whilst under 20% of respondents cited using between 1 to 5 products.

Despite this complexity, 69% of respondents stated that they had their security regime under control, with just 29% admitting that they were overwhelmed by the complexity. 

One particular question asked in the survey shined a light on the major challenges security buyers and vendors have: “Does inconsistent or incomplete integration of security solutions make your organization more vulnerable?” To which 60% of respondents answered that it does. 

Amongst the findings, it was revealed that IT security professionals were kept “up at night” thinking about Nation-state hackers, followed by insider threats, phishing, DDoS attacks and ransomware. 

Langston added: “It’s clear from this research that organizations are still struggling when it comes to ransomware. Many do not know the best practices when it comes to ransomware, or worse, do not feel confident to handle attacks effectively.

“Companies not only have to mitigate ransomware by having a solid security program that uses protection tools to close down all possible attack vectors, but also have back-ups that are separate from the network in case the worst happens.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/