Hüsch, Pia, Mott, Gareth, MacColl, Jamie, Nurse, Jason R. C., Sullivan, James, Turner, Sarah, Pattnaik, Nandita (2024) ‘Your data is stolen and encrypted’: the ransomware victim experience. RUSI Occasional Papers, . ISSN 2397-0286. (KAR id:106978)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
|
|
Download this file (PDF/1MB) |
Preview |
Request a format suitable for use with assistive technology e.g. a screenreader | |
Official URL: https://rusi.org/explore-our-research/publications... |
Abstract
This paper aims to understand the wide range of harm caused by ransomware attacks to individuals, organisations and society at large.
More individuals and organisations in the UK and globally are becoming victims of ransomware. However, little is known about their experiences. This paper sheds light on the victim experience and identifies several key factors that typically shape such experiences. These factors are context specific and can either improve or worsen the victim experience. They include the following:
- Timing of an incident, which may happen after a victim has increased their cyber security measures or at an already stressful time for an organisation, such as the beginning of a school year.
- Level of preparation in the form of strong cyber security measures and contingency plans explicitly tailored to respond to a cyber incident.
- Human factors, such as the workplace environment and pre-existing dynamics which are often reinforced during an incident. Good levels of unity can bring staff together during a moment of crisis, but a lack of leadership or a blame culture are likely to aggravate the harm experienced during the incident.
- Engagement with third-party service providers, such as those providing technical incident response or legal services, can alleviate the negative aspects of the victim experience by providing critical legal, technical or other help. However, they may aggravate the harm by providing poor services or losing valuable time in responding to the incident.
- A successful communications campaign is highly context- and victim-specific. It must include external and internal communications with staff members not part of the immediate response to ensure a good workplace culture.
For support, many victims turn to public sector institutions such as law enforcement. Expectations for technical support and expertise from law enforcement are generally low, but victims feel especially unsupported where phone calls are not returned and there is no engagement or feedback loop. The National Cyber Security Centre enjoys a better reputation. However, there is widespread uncertainty about its role and the thresholds that must be met for it to provide support. This poses a reputational risk.
Understanding how ransomware attacks are personally felt by victims and what factors aggravate or alleviate the harm they experience is key for policymakers seeking to implement measures to minimise harm as much as possible.
Item Type: | Article |
---|---|
Uncontrolled keywords: | cybercrime; cyber security and resilience |
Subjects: |
B Philosophy. Psychology. Religion > BF Psychology H Social Sciences > HF Commerce Q Science > QA Mathematics (inc Computing science) T Technology T Technology > T Technology (General) |
Divisions: |
Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing University-wide institutes > Institute of Cyber Security for Society |
Funders: |
Engineering and Physical Sciences Research Council (https://ror.org/0439y7842)
Government Communications Headquarters (https://ror.org/052mq0r90) |
Depositing User: | Jason Nurse |
Date Deposited: | 22 Aug 2024 10:51 UTC |
Last Modified: | 05 Nov 2024 13:12 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/106978 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):