In the survey of 750 CISOs in the US and UK, 58% said their organization would be willing to pay to end a ransomware incident.
This flies in the face of advice from the authorities in both countries. “It is the UK government’s long-standing position, alongside law enforcement partners, that it does not encourage, endorse nor condone the payment of ransom demands,” said a spokeswoman for the UK National Cyber Security Centre.
The FBI, too, warns not to give in to ransomware demands, noting that paying only encourages the perpetrators to attack others.
Another reasons law enforcers advise enterprises not to pay is that there is no guarantee they will get their data back if they do.
