Ransom-Aware: Consumer awareness high in the wake of WannaCry

News by Danielle Correa

Carbon Black's latest study gauges public perception of ransomware, paying ransoms and consumer expectations on businesses to keep their data safe.

The WannaCry attack brought the threat put forth by cyber-criminals onto the global stage in an unprecedented fashion, according to a new study.

Carbon Black polled 5,000 consumers to reveal expectations on business to protect sensitive data. The research also delved into consumer perceptions on ransomware in the wake of WannaCry.

Public perception has been, at least for the time being, raised by the high profile nature of the WannaCry attack. Data showed that 57 percent of consumers labeled WannaCry as the first exposure they'd had to ransomware. It remains to be seen whether the increase in awareness will continue or whether it fades from memory in coming weeks, months and years.

Mike Viscuso, CTO of Carbon Black told SC Media UK: “Following the high-profile breaches in recent years at leading financial institutions, healthcare providers and retailers, consumers have an unprecedented awareness of cyber-security issues. This awareness is translating to greater demand for the businesses they trust to remain accountable when it comes to keeping information safe.”

Approximately seven out of 10 consumers trust their financial institutions and healthcare providers to keep data safe, but only half (52 percent) trust retailers. This may be due to the high-profile breaches experienced at major retailers in recent years, such as that of Brooks Brothers, Neiman Marcus and Home Depot.

The report points out the depersonalised nature of the retail relationship, which is often limited to transactions, compared with the often personal relationship and level of trust tied to financial institutions and healthcare providers. The trust may translate to a higher level of confidence that the organisation always has the consumer's best interest.

Many consumers believe violation of that trust, in relation to cyber-security, could result in leaving a business that is successfully attacked. A large majority (70 percent) of consumers would consider leaving a business if it were hit by a ransomware attack. Seventy-two percent of consumers would consider leaving their financial institution if they were hit by ransomware, followed by retailers (70 percent) and healthcare providers (68 percent).

When asked what their most sensitive information is, 42 percent of those surveyed said it was financial data, followed by personal and family photos and videos (41 percent). Mobile data and medical records were most valued by only five percent of respondents.

Close to a dead heat, 52 percent of respondents said they would be willing to pay ransom money and 48 percent said they would not. Of the 52 percent that would pay, 12 percent said they would pay $500 (£390) or more, 29 percent said they would pay between $100 (£78) and $500, and the majority (59 percent) would pay less than $100.

The obligation to keep consumer data safe is mostly on individual organisations, according to consumer respondents. The burden is distributed among government organisations, software providers and cyber-security companies as well, but consumers say the buck stops with the companies that are trusted with private data.

In the wake of WannaCry, consumers have an awareness that should be worrying to businesses. While ransomware is certainly nothing new, consumers are increasingly turning to businesses with questions about how they are protecting their sensitive data.

“ Consumers in the US and Europe are coming to understanding that compromise is inevitable. It's not a matter of if a business will be attacked, but when. Those businesses who prepare for the inevitable data breach will be better suited to keep customer data protected,” Viscuso concluded.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews