Dive Brief:
- Many cities that have fallen victim to ransomware attacks in the last two years have seen paying the ransom as the "only logical solution" to recoup civic data and protect communities, according to a new report from Deloitte.
- Governments are often vulnerable to these attacks due to the criticality of their services, poor defense systems (a result of limited modernization) and the costs of cyber insurance and cybersecurity risk analysts, the report says. Deloitte suggests the costs associated with restoring lost data and lost revenues while systems are down can be more consequential than the costs of the ransom.
- To move forward, the report suggests cities learn to build, operate and respond well. Developing smart systems architecture where critical data is compartmentalized is an important defensive measure, as is minimizing risk by improving "cyber hygiene" and proactively investing in cybersecurity talent, the report says.
Dive Insight:
A report from the Internet Society's Online Trust Alliance (OTA) found cyberattacks in 2018 resulted in more than $45 billion in losses, and those attacks didn't slow down moving into 2019. Ransomware attacks on governments in particular spiked in 2019, according to Deloitte, including notable attacks in Johannesburg, South Africa, and in Texas, where 23 government entities were hit with a "coordinated ransomware" attack in August.
Governments have been given mixed messages about how to handle the decision to pay ransom. Josh Zelonis, senior analyst at Forrester, told CIO Dive in July 2019 that paying ransom is just "a straightforward math problem" and should be done when it makes sense for the city's bottom line. Yet, in that same month during the U.S. Conference of Mayors annual meeting, more than 225 mayors signed a resolution to not pay ransom in the event of an attack.
It's a challenging situation to face, but the chances of a city falling victim can be drastically minimized if the right steps are taken. In its report, Deloitte notes that a ransomware attack needs "three ingredients" to be successful: a vulnerable system, encryption of data and a payment method to collect the demanded ransom. By proactively putting measures in place to protect those systems and that data, cities can effectively become a smaller target for ransomware attackers.
A report from ABI Research estimated that $135 billion will be spent in the U.S. on cybersecurity by 2024, and this spending is critical as governments are "only as powerful as the weakest link." Investing in skilled staff to implement protections can be a first step for many governments. Cybersecurity talent can help protect systems, train other government staff and run simulations for preparedness.