
To Pay or Not to Pay: that is the ransomware victim’s dilemma.

A recent report commissioned and published by the cyber security company Cybereason has identified some worrying statistics regarding organisations that become victims of ransomware and the decisions they make about paying the demands of the threat actors. Ransomware: The True Cost to Business 2024, by Cybereason, states that nearly four out of five organisations (78%) that complied with a ransom demand experienced a subsequent ransomware attack, often from the same perpetrator.

There are several financial and ethical questions raised when a ransomware demand is placed on an organisation. Often, the cost of operational disruption is weighed against the cost of the demand, with companies choosing to pay in a bid to preserve their reputation and resume business as normal. However, there are various ethical issues with the choice to pay a ransomware demand. Since ransomware is a crime, paying the demand gives money directly to criminals, which goes against the ethos of many businesses.

Why pay at all?

The report confirmed what many involved in the sector already understand:

• Threat actors threatened to disclose sensitive information,

• Victim companies feared loss of business,

• Paying seemed to be the fastest solution,

• It was a holiday/weekend, and they were short-staffed,

• It was a matter of life and death,

• They didn’t have backup files,

Staggering Business Costs of Ransomware

What does the future hold?

The best guess starts from where we are now: assuming no significant progress is made in helping the business community, things will only get worse.

Currently, of those organisations that became a repeat victim, about two-thirds (63%) faced higher ransom demands during the second attack. Of the 78% that suffered a second breach, 36% were targeted by the same threat actor, while 42% were attacked by a different perpetrator.

In total, more than half (56%) of the surveyed organisations encountered multiple ransomware attacks in the past 24 months. The study, based on responses from over 1,000 cybersecurity professionals, revealed that an alarming 84% of organisations opted to pay the ransom after being breached.

However, less than half (47%) of those who paid recovered their data and services without corruption, underscoring that paying the ransom typically does not resolve the issue.

This latest report gives a clear insight into the ransomware problem and demonstrates that there needs to be greater education and awareness for companies of all sizes about this particular type of cyber-attack. People need to know how to protect themselves, why this is important, and why paying the ransom is not the solution.

How can the ECRC help?

Signing up as a free member of the Eastern Cyber Resilience Centre gives you access to our ‘Little Steps’ programme, which breaks down cyber resilience into bite-sized chunks. Additionally, you can find free, sector-specific support tools and guidance on our website, as well as up-to-date information about any relevant ransomware news.

The ECRC also offers affordable support services that can help you protect and prepare for ransomware without breaking the bank. This includes Security Awareness Training, First Step Web Assessments and Remote Vulnerability Assessments, amongst others.

Additionally, for any organisations looking to become accredited in Cyber Essentials, not only does our ‘Little Steps’ programme help you meet the criteria for this, but we also have a list of Cyber Essentials Partners: companies that are all able to accredit you with this certification.

If you would like to know more about what we can do for you at the ECRC, why not book a chat with us today?


Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which is not ongoing:

Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
