To pay or not to pay: CISOs weigh in on the ransomware dilemma
CSO Online
Contributed by: Sarah Richardson
Summary
Proofpoint's 2024 "Voice of the CISO" report indicates that ransomware remains a top concern for Chief Information Security Officers (CISOs) worldwide, with 62% stating they would likely pay a ransom to restore access to systems. The willingness to pay is notably high in Saudi Arabia, Canada, and South Korea. CISOs cite cost-benefit analyses, downtime avoidance, and legal implications as primary reasons for considering ransom payments. However, ethical considerations, legal risks, and potential penalties for paying sanctioned entities complicate these decisions. CISOs ultimately don't have the final say, but they act as key advisors to organizational leadership. The dilemma reflects a complex balance between immediate operational continuity and long-term ethical and regulatory consequences.