30% of security pros would negotiate with criminals over data

Almost a third of security professionals have admitted they would pay for the return of their data if it was stolen by cybercriminals, according to a survey by ThreatTrack Security.

Companies have increasingly suffered threats of extortion during the last few years as criminals become more adapt at stealing data, whether it be customer details or intellectual property.

Though some crooks look to sell on such data, others contact the victim and offer them the chance to buy it back, with the rise in ransomware being one example of this trend.

Writing on its official blog, ThreatTrack said: "Although technically a minority, 30% is still a significant figure.

"It points to an unfortunate conclusion in the cybersecurity trenches that sometimes negotiating with the enemy is the only choice – especially when it comes to preventing the exposure of sensitive employee and customer data."

When asked what data they might negotiate over 37% of respondents pointed to employee data, a figure which may be influenced by the class action suits being launched against Sony Pictures Entertainment for alleged negligence in last year’s hack.

Just over a third of those surveyed said they would do the same for customer data, whilst 30% chose intellectual property and a quarter picked confidential executive communications, which were also leaked in the attack on Sony.

"It was clear that security pros place more value on some types of data than others," ThreatTrack said.

"Further proof came in the answers to a question about whether organisations should set aside funds to negotiate with cybercriminals: 45% of respondents said ‘yes’, but roughly half of them (22%) said it ‘depends on the data’."

The survey covered 250 security professionals working in medium-sized companies in the US.