View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

30% of security pros would negotiate with criminals over data

Respondents said employee data would be a priority in talks.


Almost a third of security professionals have admitted they would pay for the return of their data if it was stolen by cybercriminals, according to a survey by ThreatTrack Security.

Companies have increasingly suffered threats of extortion during the last few years as criminals become more adapt at stealing data, whether it be customer details or intellectual property.

Though some crooks look to sell on such data, others contact the victim and offer them the chance to buy it back, with the rise in ransomware being one example of this trend.

Writing on its official blog, ThreatTrack said: "Although technically a minority, 30% is still a significant figure.

"It points to an unfortunate conclusion in the cybersecurity trenches that sometimes negotiating with the enemy is the only choice – especially when it comes to preventing the exposure of sensitive employee and customer data."

When asked what data they might negotiate over 37% of respondents pointed to employee data, a figure which may be influenced by the class action suits being launched against Sony Pictures Entertainment for alleged negligence in last year’s hack.

Just over a third of those surveyed said they would do the same for customer data, whilst 30% chose intellectual property and a quarter picked confidential executive communications, which were also leaked in the attack on Sony.

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

"It was clear that security pros place more value on some types of data than others," ThreatTrack said.

"Further proof came in the answers to a question about whether organisations should set aside funds to negotiate with cybercriminals: 45% of respondents said ‘yes’, but roughly half of them (22%) said it ‘depends on the data’."

The survey covered 250 security professionals working in medium-sized companies in the US.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy