Crisis response teams in the education sector are the most likely to pay a ransomware demand, according to a recent report from cybersecurity firm Immersive Labs.
The study analysed the cyber knowledge, skills and judgment of more than 2,000 organisations during “crisis scenarios” on Immersive Labs’ training platform.
Over the course of half a million exercises and simulations, the Bristol-based company found that ransomware attacks caused the greatest level of uncertainty among cyber crisis response teams.
Ransomware is a form of cybercrime wherein the attacker encrypts data from the victim and threatens to either publish or destroy it unless the victim pays a ransom fee.
While 25% of crisis response teams working for education sector companies paid the ransom, 0% working in infrastructure succumbed to the demand.
In an encouraging sign for the UK fintech sector, financial service teams were the second-least likely to pay, with just 13% choosing to part with cash.
Some 18% of government crisis response teams paid the ransom demand, “despite official guidance in most countries stating not to”.
“Ransomware is an immediate threat. And when we have an immediate threat, that has an impact on the way that our brain starts working,” Rebecca McKeown, director of human sciences at Immersive Labs, told UKTN.
According to McKeown, part of what makes these types of cyberattacks so difficult to deal with is the psychological aspect.
Ransomware criminals usually give the victim a limited time to pay the demand before publishing or destroying the stolen files.
“The fight or flight mechanism kicks in. As soon as you’re in that situation, your ability to think is very narrowly focused,” McKeown explained.
“If you’re in that sort of situation, and you have that going on in your mind, you’re not necessarily considering all of the different options available to you.”
McKeown added that ransomware attacks are particularly dangerous due to the limited experience of in-house cybersecurity teams compared with other dangers.
“There’s a lot of information about different sort of threats that come in, and you can prepare in that sort of respect, but ransomware takes it to another level.”
The risks presented by ransomware attacks are also potentially greater for early-stage startups, which typically focus more resources on growth.
McKeown said: “If you are a small startup and you have a smaller response team or you don’t necessarily have a full-on crisis response team then that is going to magnify the impact.”