Australian companies are increasingly refusing to make cyber ransom payments.

New stats show 50 per cent reporting of firms faced with cyber ransoms report no adverse effects from not paying. 

CyberCX, a tech security firm backed by BGH Capital, assists with some of Australia's most significant cyber incidents. 

In a new report, they say there has been a major reduction in ransom payments in 2023, based on an analysis of 100 major incidents. 

Cybercriminals typically deploy ransomware to cripple companies, forcing them into a corner where paying a ransom seems the only viable option to recover. 

Fortunately, this is no longer the case, as there are various technical controls that provide businesses with alternatives to capitulating to extortion.

Experts suggest a cultural shift is also underway, with a growing acceptance and readiness to tackle cyber incidents more openly and collaboratively.

Interestingly, the likelihood of a company paying a ransom may depend on its operational model.

CyberCX says business-to-business companies are more likely to pay ransoms than customer-facing organisations. The decision often boils down to a simple cost-benefit analysis, especially when sensitive contracts and client relationships are at stake.

The Australian government's stance on ransom payments remains neutral, neither making them illegal nor endorsing them. 

However, the consensus within the cybersecurity community discourages ransom payments. Not only is there no guarantee of data retrieval, but succumbing to demands also fuels the cybercrime economy, encouraging further attacks.

CyberCX's 2023 review further reveals that firms refusing to pay ransoms increasingly find their data remains unexposed, suggesting a potential deterrent effect. 

Nevertheless, the threat landscape continues to evolve, with a 37 per cent rise in Business Email Compromise attacks noted, signifying the need for ongoing vigilance and adaptive cybersecurity strategies.