Singapore – Over 82% of respondents indicated that their company would be willing to pay a ransom to recover data and resume business operations, with 11% stating that they might consider it depending on the ransom amount. This is according to a recent report from AI-powered security and management firm Cohesity.
Data from the report found that around 59% of Singaporean respondents and 74% of Malaysian respondents reported that their company would be willing to pay over US$1m to recover data and restore business processes. Around 16% and 22%, respectively, said their company would be willing to pay over US$5m for the same purpose.
Moreover, respondents underscored the importance of being able to respond and recover, revealing that 69% of respondents shared that their organisation had paid a ransom in the last year. This happened despite 74% of them stating their company had a ‘do not pay’ policy.
Among the 64% of Singaporean respondents who had paid a ransom in the last year, 36% paid US$500,000 or more in ransom payments, while 47% have paid ransoms between US$100,000 – US$499,999.
Comparatively, of the 76% of Malaysian respondents who had paid a ransom in the last year, 27% paid US$500,000 or more in ransom payments, while 54% have paid ransoms between US$100,000 – US$499,999.
Meanwhile, about 42% of the respondents said their centralised visibility of critical data between IT and security could be improved. When asked about their data access control measures to align with zero trust security principles, 2 in 3 companies or less said they have deployed multi-factor authentication, separation of duty controls, or role-based access controls.
Despite governments and public institutions going to great lengths to encourage more robust cybersecurity, data protection, and data privacy, only 56% of respondents said they had all the IT and security technology capabilities to identify sensitive data and comply with applicable data privacy laws and regulations.
Respondents also revealed that the benefit of advanced threat detection, data isolation, and data classification stretches beyond capabilities, with 88% saying these are vital for cyber insurance qualification or securing discounts on policies.
Additionally, the report also showed the wide reach of AI extends to the cyber threat landscape, with 4 in 5 respondents reporting their organisation had responded to what they believe to be AI-based cyberattacks or cyber threats in the past 12 months.
Despite being challenged by these attacks and threats that leverage AI, 89% further said they had the ‘necessary AI-powered solutions to counter and respond to these attacks’.
Among the 20% who reported not having responded to AI-based cyberattacks or cyberthreats in the past 12 months, 55% said they have the ‘necessary AI-powered solutions to counter and respond to these attacks.’ Nearly 3 in 10 respondents, on the other hand, acknowledged not having such solutions, and close to 1 in 6 (16%) expressed uncertainty regarding their capabilities.
Speaking about the report, James Blake, global cyber resilience strategist at Cohesity, said, “The unfortunate reality for organisations is that destructive cyberattacks, like ransomware or wiper attacks, are a largest threat to their business continuity. However, organisations can face this reality head-on by enhancing their cyber resilience—the ability to rapidly respond and recover from cyberattacks or traditional business continuity scenarios—by adopting modern data security, response, and recovery capabilities.”
“It’s not earth-shattering that organisations are being hit with cyberattacks. But what is of major concern is that 69% of respondents said their organisation had paid a ransom, with many breaking their ‘do not pay’ policies because they either can’t recover their data and restore business processes or overestimate their cyber resilience capabilities,” he further shared.
Sathish Murthy, director of systems engineering at Cohesity ASEAN and India, also stated, “The first step in achieving cyber resilience is managing and securing access to the business-critical data that must be recovered from to restore business processes when suffering a cyberattack. The fact that just over 2 in 3 have one of the three most important data access controls deployed demonstrates the significant risk that Singaporean and Malaysian companies have in being able to recover as fast as possible.”
Blake further explained, “Cyber resilience is non-negotiable because the motivation of attackers is so high and attack surfaces are so wide, a complete belief in protective controls is unrealistic. Successful cyberattacks and data breaches severely impact business continuity, including revenue, companies’ reputation, and customer trust.”
“This reality should keep business leaders, not just IT and security leaders, awake at night. Regulation and legislation should not be the ‘ceiling’, but instead a high ‘floor’, in developing cyber resilience and adopting data security best practices or capabilities,” he concluded.
