Firms should pay attackers $1,167 per customer hit by ransomware — study

Seven in every 10 (71%) of consumers believe businesses should stand up to hackers and refuse to pay ransoms, but if their personal data are compromised, the firms should give in and pay attackers an average of US$1,167 per user, according to Veritas Technologies.

This is based on research conducted and statistics compiled for Veritas Technologies by 3Gem. The study covered a total of 12,000 adults who were interviewed in April 2020 — 2,000 each in China, France, Germany, Japan, the United Kingdom and the United States.

Findings reveal that end users expect the supplier to pay hundreds of millions of dollars in the hope that their data is returned.

The average respondent specified the following amounts for different data type, such as $1,687 for data on personal finances; $1,491 for government records; $1,344 for medical records; and $886 for basic personal data. 

Additionally, nearly two-thirds (65%) thought they should be personally compensated if the company still can’t retrieve the information that’s been stolen.

“Whilst it may initially seem like businesses can’t win regardless of whether they pay or not, they are actually getting a clear message from consumers: people want their providers to escape the dilemma of whether to pay, or not to pay, by avoiding the situation in the first place,” said Simon Jelley, VP for product management at Veritas Technologies.

“Our research shows that, if businesses want to please their customers, they need to prepare for an attack and be ready to recover from it – so, if the worst happens, they have tried-and-tested recovery procedures in place and there’s no need to pay out,” said Jelley.

Among respondents, 79% said firms should have in place protection software and 62% said the firms should have backup copies of their data.

In findings that some CEOs might find alarming, as many as 40% of consumers held the leader of the organisation personally responsible for the attacks. Nearly a quarter (23%) said the CEO should face a prison sentence.

One-third (35%) said the CEO should pay a fine. Over a quarter (27%) said the CEO should resign, and 25% said the CEO should take a pay cut or be demoted.