View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

30% of security pros would negotiate with criminals over data

Respondents said employee data would be a priority in talks.

By Jimmy Nicholls

Almost a third of security professionals have admitted they would pay for the return of their data if it was stolen by cybercriminals, according to a survey by ThreatTrack Security.

Companies have increasingly suffered threats of extortion during the last few years as criminals become more adapt at stealing data, whether it be customer details or intellectual property.

Though some crooks look to sell on such data, others contact the victim and offer them the chance to buy it back, with the rise in ransomware being one example of this trend.

Writing on its official blog, ThreatTrack said: "Although technically a minority, 30% is still a significant figure.

"It points to an unfortunate conclusion in the cybersecurity trenches that sometimes negotiating with the enemy is the only choice – especially when it comes to preventing the exposure of sensitive employee and customer data."

When asked what data they might negotiate over 37% of respondents pointed to employee data, a figure which may be influenced by the class action suits being launched against Sony Pictures Entertainment for alleged negligence in last year’s hack.

Just over a third of those surveyed said they would do the same for customer data, whilst 30% chose intellectual property and a quarter picked confidential executive communications, which were also leaked in the attack on Sony.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

"It was clear that security pros place more value on some types of data than others," ThreatTrack said.

"Further proof came in the answers to a question about whether organisations should set aside funds to negotiate with cybercriminals: 45% of respondents said ‘yes’, but roughly half of them (22%) said it ‘depends on the data’."

The survey covered 250 security professionals working in medium-sized companies in the US.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU