Australian businesses are willing to pay double the cyber ransom in 2022, at a faster rate
In its second year, McGrathNicol Advisory in conjunction with YouGov, surveyed over 500 Australian business owners, partners, directors and C-Suite leaders to deliver a real-world barometer on changing attitudes towards cyber ransoms and associated board-level challenges. The study shows the true extent of ransomware attacks on Australian businesses and the willingness of leaders to make substantial payments to cybercrime groups.
The 2022 research found that almost seven in ten (69 percent) businesses have now experienced a ransomware attack in the past five years, which is a significant increase from 31 percent in 2021. Of those experiencing an attack, four in five (79 percent) businesses chose to pay the ransom and the average cyber ransom amount paid was $1.01 million which is consistent with the prior year.
However, the average amount that businesses would be willing to pay is considerably higher and has almost doubled to $1,288,608 compared to $682,123 in 2021. This shows that businesses are anticipating the financial fallout of a cyber breach far better than they were 12 months ago.
The McGrathNicol research also found that many businesses are over-confident in their abilities to respond to a ransomware attack, but the reality is that many are still very unprepared. Almost four in five (78 percent) businesses believe that their organisation is ‘well prepared’ to respond to a cyber-attack, with half (51 percent) reporting that they are ‘very prepared’. However, this is at odds with other details in the research, which found that 13 percent of businesses said it took them two days or longer to inform all relevant stakeholders, whilst three in ten (28 percent) are unsure whether an attack would be reported to all stakeholders. Alarmingly, one in five (20 percent) large businesses with more than 1000+ employees admit that they did not report the attack to all relevant stakeholders.