To Pay or Not to Pay: How to Determine if Paying Ransomware Is the Right Decision

If the threat of ransomware is keeping you up at night, you are not alone. The rate of attacks is steadily increasing, and the debate over whether to pay looms large, especially for midsize organizations. UncommonX’s recent State of Cybersecurity for Midsize Organizations study found that 60% of senior IT executives from midsize organizations reported suffering a ransomware attack in the past 18 months and 20% reported paying $250,000 or more to fully recover their operations.

Executives facing the daunting question of whether they should pay the ransom have a lot to consider — but they must do it fast. Some companies will pay immediately. In fact, many companies budget ransom money as part of the cost of doing business. While paying may seem like a quick resolution at the time, it’s a decision that shouldn’t be made lightly. There are several factors to consider, and most of them point to not paying.

Consider These Factors When Deciding Whether to Pay

The first question is, can the company afford it? The Ponemon Institute’s Cost of a Data Breach Report 2021 revealed that the overall cost of a ransomware breach has increased to $4.24 million per company. That doesn’t even include the ransom. It combines the costs of reacting to the attack, stolen data, lost revenue and customers, recovery and other related costs, which are incurred even if the ransom is paid. That kind of financial hit can shutter some businesses for good.

The above is a summary from an article in Forbes written by John Morris.


About the Author

John Morris is a member of the UncommonX Board of Directors and a former CEO. He has over 30 years of experience growing technology companies. Prior to UncommonX, he held senior executive roles in the U.S. and Asia at IBM and Juniper Networks, and led Cleversafe (acquired by IBM for $1.3 billion) as its CEO.