CYBERATTACKS - The Ransomware Dilemma
MIT Sloan Management Review|Summer 2022
The decision on whether to pay up when cybercriminals hold data hostage is shaped by choices leaders made long before an attack.
PHILIPP LEO, ÖYKÜ IŞIK, AND FABIAN MUHLY
CYBERATTACKS - The Ransomware Dilemma

The ransomware business is booming: In the United States alone, this form of cyberattack increased in frequency by 200% between 2019 and 2021. It’s an urgent threat, but too many leaders are caught flat-footed when it happens to them. Ransomware is malicious software that uses encryption to prevent access to data on the infected machine, effectively paralyzing the computer system. The culprits behind the attack then demand payment in exchange for decrypting the files and restoring access to the infected systems. The tactic dates to the 1980s, but it became a prominent threat to businesses after 2010 with the rise of cryptocurrency, criminals’ preferred mode of payment.

It’s a threat riddled with uncertainties, which makes planning a response difficult. Many organizations just want to find the quickest way out, and that often means paying the ransom, even though the financial burden may be considerable and the outcome far from certain. In a recent study of 300 companies, 64% revealed that they had experienced a ransomware attack within the previous 12 months, and a staggering 83% of those paid the ransom. On average, only 8% of organizations that paid up recovered all of their data, while 63% got about half of it back.

Some organizations receive a demand for a second (and perhaps even higher) ransom, despite having paid the first one on time, but the worst-case scenario is when the victim pays but either never receives the decryption key or it doesn’t work as intended.1

Organizations that decide not to pay also bear costs in terms of business downtime and lost revenues. And organizations that are caught unprepared, without a reliable backup system or an incident response plan, end up suffering the most — not only financially but also reputationally.

Esta historia es de la edición Summer 2022 de MIT Sloan Management Review.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

Esta historia es de la edición Summer 2022 de MIT Sloan Management Review.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

MÁS HISTORIAS DE MIT SLOAN MANAGEMENT REVIEWVer todo
Avoiding Harm in Technology Innovation
MIT Sloan Management Review

Avoiding Harm in Technology Innovation

To capitalize on emerging technologies while mitigating unanticipated consequences, innovation managers need to establish a systematic review process.

time-read
10+ minutos  |
Fall 2024
Make a Stronger Business Case for Sustainability
MIT Sloan Management Review

Make a Stronger Business Case for Sustainability

When greener products and processes add costs, managers can shift other levers to maintain profitability.

time-read
9 minutos  |
Fall 2024
How to Turn Professional Services Into Products
MIT Sloan Management Review

How to Turn Professional Services Into Products

Product-based business models can help services firms achieve greater scale and profitability. But the transformation can be challenging.

time-read
10 minutos  |
Fall 2024
Do You Really Need a Chief AI Officer?
MIT Sloan Management Review

Do You Really Need a Chief AI Officer?

The right answer depends on the strategic importance and maturity of AI in your company.

time-read
10+ minutos  |
Fall 2024
Where To Next? Opportunity on the Edge
MIT Sloan Management Review

Where To Next? Opportunity on the Edge

Doing business in regions considered less stable or developed can pay off for companies. But they must invest in working with local communities.

time-read
10 minutos  |
Fall 2024
Make Smarter Investments in Resilient Supply Chains
MIT Sloan Management Review

Make Smarter Investments in Resilient Supply Chains

Many companies invest in resilience only after a disruption. Applying the concept of real options can help decision makers fortify supply chain capabilities no matter the crisis.

time-read
10+ minutos  |
Fall 2024
The Three Traps That Stymie Reinvention
MIT Sloan Management Review

The Three Traps That Stymie Reinvention

Organizational identity, architecture, and collaboration can be either assets or liabilities to pursuing growth in new sectors.

time-read
10+ minutos  |
Fall 2024
What Makes Companies Do the Right Thing?
MIT Sloan Management Review

What Makes Companies Do the Right Thing?

Vaccine makers varied widely in their engagement with global public health efforts to broaden access to COVID-19 immunizations. Ethically motivated leadership was a dominant factor.

time-read
10+ minutos  |
Fall 2024
Build the Right C-Suite Team for Your Strategy
MIT Sloan Management Review

Build the Right C-Suite Team for Your Strategy

CEOs can foster a more effective leadership team by understanding when to tap senior executives' competitive instincts and when to encourage collaboration.

time-read
10+ minutos  |
Fall 2024
A Better Way to Unlock Innovation and Drive Change
MIT Sloan Management Review

A Better Way to Unlock Innovation and Drive Change

A strengths-based approach to building teams can win employee commitment to change and foster an inclusive, agile culture.

time-read
10+ minutos  |
Fall 2024