Why HR Needs to Prepare for Increase in Ransomware Demands

Aliah D. Wright By Aliah D. Wright January 24, 2017
Why HR Needs to Prepare for Increase in Ransomware Demands

Experts say businesses need to make certain computer files are backed up.

​These few things are certain: Death, taxes and an increase in ransomware demands.

As SHRM Online reported in early 2016, ransomware fees were expected to rise from just a few hundred dollars to tens of thousands of dollars.

That time has come.

Ransomware is cheap to produce and attacks—in which computers are infected with a virus that holds any files hostage until a ransom is paid—can be extremely profitable and will hound businesses with greater frequency, experts believe.

In 2017, companies will need to be even more vigilant when it comes to safeguarding employee data, financial and customer information, and intellectual property.

'Businesses need to tear down security and operations walls—or keep getting hacked.'

In "Ransomware: How Consumers and Businesses Value Their Data," a study released in late December 2016 by IBM, 70 percent of businesses infected with ransomware reported that they paid the ransom in order to regain access to their systems and business data.

[SHRM members-only HR Q&A: How to Safeguard Employee Information]

Cybercriminals made $209 million from ransomware extortions in the first three months of 2016 alone, according to the FBI, compared to $1.6 million in all of 2015. IBM projected that ransomware perpetrators would make nearly $1 billion in 2016 through malware attacks. And, according to research from IBM X-Force, a cloud-based threat intelligence platform, ransomware could be found in nearly 40 percent of all spam e-mails sent in 2016.

Companies are responding to the threat by implementing greater security and calling for all parts of the business to work together to prevent cyberattacks. A study released in mid-January by Forbes Media and global IT solutions company BMC revealed that 69 percent of senior security and IT executives say digital transformation has forced "fundamental changes to existing cybersecurity strategies."

That study, in which more than 300 C-level executives in North America and Europe were interviewed, also found that "security transformation impacts both the technology choices enterprises make to ward off cyber thieves and the way companies organize internal stakeholders, assess risk and prioritize future investments," according to a release.

Companies run the risk of falling prey to these attacks if they fail to share information with employees and vendors and to hold stakeholders accountable for not focusing on prevention, detection and timely response to security incidents.

Some 52 percent of respondents to the BMC study indicated that accountability for security breaches has increased for their operations teams.

"Make no mistake, cybersecurity is a critical initiative across the board. Every company, government and society is seeking new innovative paths to drive our digital future, but all are battling increased threats from phishing, ransomware and known vulnerabilities," said Bill Berutti, president of security and compliance at BMC. "Businesses need to tear down security and operations walls—or keep getting hacked."

As a result of the increase in ransomware and other malware attacks, companies are prioritizing the neutralization of known risks, with 64 percent of respondents indicating they plan to prioritize protecting against and responding to known security threats in the next 12 months.


Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.


Job Finder

Find an HR Job Near You
Search Jobs


HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.