Public apologies, fines and even prison sentences wanted as punishment for CEOs who fail to protect their businesses, finds a study by Veritas Technologies.
Two-fifths (40%) of consumers hold business leaders personally responsible for ransomware attacks the business suffers, according to global research from Veritas Technologies, a global firm specializing in data protection and availability. Furthermore, the research shows that the public often wants restitution from businesses that fall foul of ransomware, with 65% of respondents wanting compensation and 9% even wanting to send the CEO to prison.
Simon Jelley, VP product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves. The two most essential things that businesses should have in place, according to their customers, are protection software (79%) and backup copies of their data (62%). Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership.”
The research, covering six countries and 12,000 consumers, also appears to show a paradox when it comes to paying ransoms. The clear majority of people (71%) want companies to stand up to cyber-bullies and refuse to pay ransoms in order to get their data back. However, when the issue becomes more personal, with a direct threat to their own data, many people change their minds and want the businesses they buy from to negotiate. When it comes to their financial data, 55% of respondents want suppliers to pay the ransom to facilitate the return of their records.
Jelley said: “It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place. Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”
In fact, the study shows how some consumers quickly lose patience with companies that risk their data through ransomware attacks. Almost half of respondents (44%) would stop buying from a company that had been the victim of such a crime.
The research, covering consumers in China, France, Germany, Japan, the UK and the USA, uncovered some interesting patterns that emerge from country to country:
In China, people have the highest tendency to change their minds on negotiating with cybercriminals, when it’s their own critical information. While 80% of respondents believe that businesses shouldn’t negotiate in general, when it becomes a personal issue of recovering their own data, that number drops sharply to just 16%.
Brits have the strongest feelings about standing up to cyber-bullying demands, with 81% believing that businesses should not negotiate with the criminals.
The French seem to be the most forgiving respondents from our surveyed countries, with less than a quarter (24%) wanting to blame company heads, just over half (55%) believing that no-one other than criminals can be blamed for ransomware attacks, and only a third (36%) considering dropping a company’s services after an attack.
Inversely, the Japanese and Chinese are the least forgiving, with 49% and 51% dropping company services after an attack, and China in particular looking to blame business heads directly (66%).
Germans are most vociferous about harsh punishment for leaders following an attack, with 29% of those who blame the leaders also looking for a prison sentence.
In contrast, in the USA the most common attitude for those blaming leaders is to look for fines as punishment (41%).