SINGAPORE, Aug 2 — A survey by data security firm Cohesity has found that 64 per cent of Singaporean businesses, or three out of five, paid a ransom during cyberattacks in 2023.

The survey, which was released in July and published by Singapore news channel CNA, also said that 36 per cent paid at least US$500,000 (RM2.28 million).

Cohesity’s survey included responses from 302 IT and security executives in Singapore, surveyed between late June and early July, with a majority from IT, telecommunications, manufacturing, healthcare, and financial services.

Of the 64 per cent who paid ransoms, nearly half — 47 per cent — paid between US$100,000 and US$499,999.

Most respondents stated that they believe the threat of cyberattacks on their industry would either increase or had already increased this year.

A substantial majority – 80 per cent – said their company would pay a ransom to recover data and resume business operations.

Almost 60 per cent indicated their company would be prepared to pay over US$1 million in ransom, with 16 per cent willing to pay more than US$5 million.

In April, for example, Singaporean law firm Shook Lin & Bok was hit by a ransomware attack and paid US$1.4 million in Bitcoin to the Akira ransomware group. The attackers’ initial demand of US$2 million was reduced after a week of negotiations.

According to Cohesity’s survey, 71 per cent of respondents said their companies had “do not pay” policies.

But the fact that 64 per cent paid despite such policies is a “major concern,” Cohesity’s global cyber resilience strategist James Blake was quoted as saying.

Ransomware is a type of malicious software (malware) designed to block access to a computer system or files, typically by encrypting them, until a ransom is paid.

The attacker demands payment, usually in cryptocurrency, in exchange for a decryption key that will restore access to the locked files or system.