Business owners in the United States recognize the severity of ransomware and the potential disruption to business operations, yet 84 percent say they would not pay in the event of an attack, according to a survey by data security and identity theft protection firm IDT911.
However, a third of the 1,035 small to medium-size business (SMB) owners surveyed said they could not go without access to critical business systems for any length of time.
A majority of SMB owners surveyed (75 percent) said they do not have cyber-insurance or are unsure if their policy includes cyber-protection, and nearly two-thirds (65 percent) said they currently do not, nor plan to, budget extra funds.
"The most concerning finding is that while small business owners acknowledge vulnerability, nearly 75 percent do not have cyber-insurance or are unsure if their policy includes cyber-protection," Matt Cullina, CEO of IDT911, told eWEEK. "Data breaches at major corporations may dominate the headlines, but the biggest mistake a small business owner could make is thinking, 'This would never happen to me.'"
Cullina noted SMBs are actually one of the most vulnerable targets for cyber-attacks—most notably ransomware—and need to implement necessary precautions to keep their data safe.
He also predicted urgency and awareness will most certainly increase as ransomware becomes even more common, noting SMBs are a sitting target and will be victimized accordingly.
"I believe that the issue will become so dire and widespread, these business owners simply won't have any other choice but to plan ahead and put the proper safeguards, such as cyber-insurance, in place," he said.
One problem is that, according to the report, 22 percent of SMB owners are unsure how to, or are not aware of the need to, back up their system and files, and just 3 percent say they would pay $10,000 or more in a ransomware attack.
These attitudes and practices may be changing, however, as Millennials (ages 18 to 34) are more likely to have cyber-insurance protecting their business than those respondents aged 35 to 44.
Interestingly, the survey indicated female business owners are more likely than men to report ransomware attacks to authorities right away.
"There's a chance men may feel more embarrassed becoming the victim of a cyber-attack and less likely to report it to authorities because they believe they can handle the situation on their own. Or, maybe they don't believe the authorities will be able to remediate the situation," Cullina said. "We're certainly trying to end this type of thinking and build some real awareness of ransomware amongst SMB owners so that everyone—both men and women—knows the best way to handle it. Hopefully this report will be a step in the right direction."