Over Half of CISOs Would Pay Ransom

TL;DR: A new survey commissioned by Absolute Software reveals a significant trend in ransomware response. It found that 58% of Chief Information Security Officers (CISOs) say their organization would pay a ransom to recover data, highlighting a major shift in incident response strategy.
Key facts
- Category: Cybersecurity
- Impact: High
- Published
- Source: CSO Online
Full summary
A new survey finds that 58% of CISOs say their organization would pay a ransom to recover data after an attack.
A recent survey commissioned by security firm Absolute Software has found that a majority of Chief Information Security Officers (CISOs) are prepared to pay ransoms. The study revealed that 58% of CISOs indicated their organization would pay a ransom to regain access to their data following a cyberattack. This statistic points to a significant, albeit controversial, trend in how businesses are approaching the threat of ransomware. According to Christy Wyatt, CEO of Absolute Software, ransomware attacks are not only becoming more common but are also continuing to increase in frequency, forcing companies to confront this difficult decision more often.
This willingness to pay reflects the immense pressure on security and business leaders to ensure business continuity and avoid the catastrophic costs of prolonged downtime, data loss, and reputational damage. For founders, CTOs, and IT teams, this data point underscores the critical need for robust incident response planning that explicitly addresses the "to pay or not to pay" dilemma. The finding suggests that many organizations, despite official guidance advising against payment, view paying the ransom as the most pragmatic option to resume operations quickly.
Why it matters
The statistic (58% would pay) signals a major shift in ransomware response, moving it from a technical failure to a calculated business decision. It forces leadership teams to formalize their stance on paying ransoms within their incident response plans.
Business impact
Companies are increasingly viewing ransom payments as a cost of doing business to ensure continuity, despite official guidance against it. This trend may embolden attackers and increase the frequency of attacks, raising insurance premiums and overall security costs for everyone.
Primary source: CSO Online