What percentage of businesses have paid up when they’ve been hacked?

Despite these numbers, less than one-third of IT decision-makers reported that they had immediate plans to address their cybersecurity debt. “As organizations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritized some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” said ExtraHop Chief Risk, Security and Information Security Officer Mark Bowling.

Cybersecurity experts have said it again and again — when you’re hacked, don’t pay the ransom. Businesses, however, don’t all appear to be listening. According to network detection and response firm ExtraHop’s 2023 Global Cyber Confidence Index, 83 percent of organizations that suffered a ransomware attack reported paying the perpetrators at least once.

The number of attacks have gone up dramatically in the last year, which could help explain this high number of payouts. ExtraHop’s report found that businesses reported being attacked an average of four times in the last five years in 2021 but said that in 2022 that went up to four attacks in just one year. And cybersecurity debt may also be a culprit, with 98 percent of respondents stating they were running at least one insecure network protocol. Additionally, 77 percent of IT decision-makers reporting that outdated security measures were responsible for half of their cybersecurity incidents.