Telstra survey: Half of Australian firms pay to unlock ransomware

Telstra’s survey of IT and business execs has found that majority of respondents have paid ransomware attackers to unlock files and they’d probably do it again if backups weren’t available.

Of 320 Australian respondents, 51 percent said they’d paid ransomware attackers to regain access to encrypted files, Telstra found in its 2019 Security Report. In APAC 48 percent said they had paid a ransom while in Europe 50 percent had.

Key to that decision of course is the availability and quality of backed up data. Norsk Hydro was able to recover its systems after a major ransomware infection by using backups rather than paying the attackers.

Telstra found that 79 percent of Australian respondents said they would pay the the ransom again if there were no backup files. The percentage was similar in other regions.

Perhaps ransomware victims would be willing to pay again because it has worked in the past. Telstra found that 77 percent of Australian businesses that paid the ransom got access to their data afterward. In European regions 88 percent of businesses that paid the attacker got their data back, while in Germany and France 96 percent got their data back after paying.

The 320 Australian respondents in Telstra’s survey accounted for 25 percent of 1,298 respondents around the world, including from Hong Kong, Singapore, the UK, Germany, France, Taiwan, the Philippines, Indonesia, Belgium, Netherlands, and Luxembourg. Respondents from each non-Australian nation accounted for between five percent to 12 percent of the total.

According to Telstra, people with the titles CEO, CFO, CIO, COO, CTO, CISO and CSO accounted for 20 per cent of the global respondents, and 21 per cent in Australia.

It’s now more common for businesses to have experienced a cybersecurity attack, Telstra found. In the 2018 survey just 33 percent of Australian businesses reported experiencing an attack and this that’s up to 48 percent. A similar trend has happened in Europe where attacks rose from 36 percent to 52 percent. Globally, 63 percent of respondents said business had been interrupted by the security breach.

At the same time, fewer Australian organizations report having the ability to detect breaches within “minutes or hours”, falling from 62 percent in the 2018 report to 52 percent in the current report.

However, in Australia and across the globe, more organizations report the ability to detect a security breach within “days weeks or months”. In Australia, the the figure is up from 29 percent last year to 40 percent this year. Across the globe it rose from 35 percent to 44 percent.

The majority of organizations in the survey report having an incident response plan in place and that it is tested. Globally, 78 percent report having such a plan while in Australia 76 percent did. About a third of Australian organizations test the plan monthly while a 46 percent test it quarterly.