Large British enterprises who regularly stockpile cryptocurrency to pay off ransomware hackers now constitute over half of all firms, up from 33 percent in 2016 and 42 percent last year.
British companies are hoarding Bitcoin and other types of cryptocurrencies in large numbers to pay off hackers in the event of ransomware attacks to avoid the kind of reputational damage that the NHS suffered.
Over the past year, not only have more and more large enterprises in the UK decided to invest in cryptocurrency, a large number of them have also diversified their holdings, thereby not placing their entire bets on individual cryptocurrencies like Bitcoin, Etherium, or Ripple.
A survey of 750 IT decision makers from the UK by OnePoll and commissioned by Citrix revealed that while 88 percent of large enterprises in the UK are now investing in and stockpiling Bitcoin, 93 percent of them are also investing on other types of cryptocurrency.
For instance, while 54 percent of large enterprises have bought Litecoin, 43 percent have purchased Etherium, 33 percent have purchased Etherium Classic and 29 percent have invested in Dash.
‘Initially many organisations treated ransomware as a cost of doing business – just like shrinkage and fraud in some sectors – and built a stockpile of cryptocurrency to cover potential cyber ransoms. Yet this is changing as companies begin to embrace its potential as a revenue driver, as well as an alternative means of paying for staff and services,’ said Chris Mayers, chief security architect at Citrix.
However, with 31 percent IT decision makers worried about their firms’ cryptocurrency holdings falling prey to cyber criminals, and 18 percent of them worried about malicious insiders gaining access to cryptocurrency, Mayers also spoke about how important it is to strengthen the security around such cryptocurrency holdings.
‘As British companies continue to build and diversify their cryptocurrency portfolios, vital security measures must be put in place to protect these reserves and ensure they can be used for a growing range of business processes instead of falling into criminal hands through ransom or theft. With more than one cryptocurrency, and supporting diverse business needs, security becomes both more important and potentially more complex.
‘Organisations should adopt the same approach as they do for data and apps: simplify security by placing cryptocurrencies under centralised control with common policies and procedures, with robust defences. Cryptocurrencies must not be managed by ‘shadow IT’,’ he added.
Last year, a similar survey commissioned by Citrix had revealed how many British companies were quietly hoarding Bitcoin or keeping tabs on the digital currency’s value to ensure they could pay off hackers in the event of ransomware attacks. According to the survey, British businesses were prepared to pay an average of £136,235.44 to regain access to critical and sensitive data lost to ransomware.
‘The decision to stockpile digital currency reflects a widespread attitude that paying a ransom may be necessary. Just one fifth (22%) of businesses are not prepared to pay anything when struck with a ransomware attack — a reduction from 25% last year,’ Citrix noted.
According to former Ministry of Defence cyber chief Paul Taylor who spoke to The Sunday Telegraph, the fact that British companies are hoarding ransomware to pay off ransomware hackers is an open secret.
‘Companies are definitely stockpiling Bitcoin in order to be prepared to pay ransoms,’ he said, adding that companies are even ordering employees to ‘prepare digital wallets and monitor cryptocurrency prices to hedge against inflation should they need to buy, to keep a hack under wraps’.