Canadian Security Magazine

IBM study: Businesses more likely to pay ransomware than consumers

By Staff   

News Data Security backups business cybercriminals data data breach financial data IBM ibm security ibm xforce ransomware study intellectual property limor kessem ransomware ransomware attacks ransomware: how consumers and businesses value their data workplace

The results from an IBM X-Force ransomware study are in, finding 70 per cent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 per cent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data.

The IBM study, “Ransomware: How Consumers and Businesses Value Their Data” surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data.

Ransomware was one of the leading cybersecurity threats in 2016 with the FBI estimating cybercriminals, in the first three months of this year, making a reported $209 million. This would put criminals on pace to make nearly $1 billion in 2016 from their use of the malware. In fact, according to IBM X-Force research, ransomware made up nearly 40 per cent of all spam e-mails sent in 2016.

The study found nearly one in two business executives surveyed have experienced ransomware attacks in the workplace and 70 per cent of these executives said their company has paid to resolve the attack, with half of those paying over $10,000 and 20 per cent paying over $40,000.

As part of the survey, nearly 60 per cent of all business executives indicated they would be willing to pay ransom to recover data. The data types they were willing to pay for included financial records, customer records, intellectual property and business plans. Overall, 25 per cent of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.


Meanwhile, only 29 per cent of small businesses surveyed have experience with ransomware attacks compared to 57 per cent of medium size businesses. While cybercriminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable, IBM says. The study found that only 30 per cent of small businesses surveyed offer security training to their employees, compared to 58 per cent of larger companies.

“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” said Limor Kessem, executive security advisor, IBM Security and the report’s author. “The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”
For additional tips and details on the survey findings, you can download the full report at:

Print this page


Stories continue below