Ransom Payments Often Fail to Resolve Security Breaches
Businesses in Singapore are paying an average of S$1.5 million following ransomware attacks, according to a survey by cybersecurity firm Cybereason. However, more than half (55%) of local respondents reported that even after paying the ransom, their data remained inaccessible or corrupted.
Worryingly, 56% of respondents said their organisations were attacked again within 4 to 7 days after the initial incident. These findings are part of Cybereason’s second annual ransomware report, released on Wednesday (Jun 8).
Ransomware Hits Singapore Harder Than Global Average
The study, conducted by Censuswide in April, surveyed 1,456 cybersecurity professionals globally, with 7% of participants from Singapore. Among local respondents, 80% said they experienced a ransomware attack in the last 24 months, a figure higher than the global average of 72%.
Despite paying ransoms, 85% of Singapore respondents suffered a second attack, with 88% reporting that the follow-up attack occurred within a month. In these subsequent incidents, 62% faced higher ransom demands.
Eric Nagel, Asia-Pacific general manager at Cybereason, explained: “Ransomware gangs exploit the recovery time organisations need to reassess their security and secure funding for new tools, which makes them vulnerable to repeat attacks.”
Key Motivations for Paying Ransom
Among those who paid the ransom, 42% cited fear of losing business, 48% believed it was the fastest way to restore operations, and 28% indicated life-and-death scenarios influenced their decision.
With cryptocurrency being the preferred payment method for attackers, 33% of Singapore respondents indicated they would set up a cryptocurrency wallet to prepare for potential future incidents.
A Global Perspective on Ransomware
Globally, 73% of survey participants reported experiencing at least one ransomware attack in the last two years, and 80% of those who paid the ransom were targeted again. The survey revealed that industries such as financial services, retail, government, and manufacturing are particularly vulnerable.
The findings underscore the urgency for organisations to invest in robust cybersecurity measures and avoid relying on ransom payments as a solution. Instead, businesses are encouraged to focus on long-term strategies to strengthen their security posture against increasingly sophisticated ransomware threats.
