Cyber-security, Privacy, Legal and Ethical Issues in IS
Loading...
Paper Type
short
Paper Number
1631
Description
In this paper, we explore decision-making processes of ransomware victims, focusing on organisations. We examine 39 ransomware attacks using qualitative data collected from victims and police officers from cybercrime units in the UK. A basic premise of this paper is that victims make rational decisions to (not) pay ransoms. Their decision-making processes represent a complex infrastructure that consists of several reasons that drive these choices. Our research shows that victims weigh the costs and benefits of the attack outcomes before making final decisions. The aim of this work is to develop an in-depth understanding of these processes and suggest measures to avoid ransom payments, which, in turn, will help reduce ransomware crime.
Recommended Citation
Yuryna Connolly, Lena and Borrion, Hervé, "Your Money or Your Business: Decision-Making Processes in Ransomware Attacks" (2020). ICIS 2020 Proceedings. 6.
https://aisel.aisnet.org/icis2020/cyber_security_privacy/cyber_security_privacy/6
Your Money or Your Business: Decision-Making Processes in Ransomware Attacks
In this paper, we explore decision-making processes of ransomware victims, focusing on organisations. We examine 39 ransomware attacks using qualitative data collected from victims and police officers from cybercrime units in the UK. A basic premise of this paper is that victims make rational decisions to (not) pay ransoms. Their decision-making processes represent a complex infrastructure that consists of several reasons that drive these choices. Our research shows that victims weigh the costs and benefits of the attack outcomes before making final decisions. The aim of this work is to develop an in-depth understanding of these processes and suggest measures to avoid ransom payments, which, in turn, will help reduce ransomware crime.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.