Two-thirds of Singaporean businesses paid ransoms from cyber attacks: report

Businesses have paid upwards of US$500,000 in ransom.

Close to two-thirds of Singaporean businesses paid a ransom after a cyber attack to recover data and restore business processes in the past year, despite the majority of companies having a ‘do not pay’ policy, according to a report by Cohesity.

Findings of the report showed that 36% of businesses who paid ransoms in the past year spent US$500,000 or more, while 47% paid between US$100,000 and US$499,999.

The majority or 80% said they were willing to pay a ransom, with 59% willing to pay over US$1 million and 16% over US$5 million. 

The majority also break the “do not pay” policies of their companies, mainly “because they either can’t recover their data and restore business processes, or overestimate their cyber resilience capabilities,” said James Blake, global cyber resilience strategist at Cohesity.

Close to two-thirds were victims of ransomware attacks in the past year, with 91% expecting cyber threats to get worse this year. 

A third said the target recovery time to minimise the impact of cyber attacks was within one hour, and just 5% said their tolerance to business disruptions caused by cyber attacks was within 24 hours.

“The unfortunate reality for organisations is that destructive cyberattacks, like ransomware or wiper attacks, are a largest threat to their business continuity,” Blake said. “However, organisations can face this reality head-on by enhancing their cyber resilience - the ability to rapidly respond and recover from cyberattacks or traditional business continuity scenarios - by adopting modern data security, response, and recovery capabilities.”

The report surveyed 504 IT and security decision-makers in Singapore and Malaysia.