Quarter of respondents would pay ransom to protect stolen data, survey says
A cloud security survey found that more than 14 percent of respondents would pay ransom demands of more than $1 million.
Nearly a quarter (24.6 percent) of company executives and IT leaders would be willing to pay hackers a ransom to prevent them from leaking critically sensitive stolen data, a global survey of more than 200 execs and IT managers found.
Moreover, 14 percent said they would acquiesce to ransom demands exceeding $1 million.
A joint project of the Cloud Security Alliance and cloud security software provider Skyhigh Networks, the survey and its corresponding report provide a window into IT business leaders' views on cloud applications and their security implications. Respondents said they receive an average of 10.6 requests for cloud-based business applications per month, resulting in 71.2 percent of their companies creating a formal process to vet all these apps.
According to the survey, the second, third and fourth most common reason for rejecting app requests are all security-related, namely:
- The provider is not trusted (53.6 percent)
- Lack of encryption (45.8 percent)
- Lack of data loss prevention (43.9 percent)
According to the survey, it takes an IT security team 17.7 days to evaluate a cloud-based app's security. However, despite security concerns, the report asserted that confidence in the cloud is actually on the rise. In fact, 64.9 of respondents opined that the cloud is as secure as or even more secure than on-premises software.
The report stated that the most commonly cited barrier to moving record-keeping IT systems to the cloud is an inability to enforce corporate policies (67.8 percent of survey-takers). Meanwhile, the biggest barrier to stopping data loss in the cloud is the lack of skilled security professionals (30.7 percent of respondents), suggesting that security analyst jobs are quickly becoming highly in demand. “Across the board, there's a skills shortage,” the report read. “Companies are finding it challenging to recruit and hire people to fill information security positions.”