News Release

40% of Consumers Hold CEO Personally Responsible for Ransomware Attacks, Research Shows

Public apologies, fines and even prison sentences wanted as punishment for CEOs who fail to protect their businesses

SANTA CLARA, Calif. – June 8, 2020 – Two-fifths (40%) of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to global research from Veritas Technologies, a global leader in data protection and availability. Furthermore, research shows the public often wants restitution from businesses that fall foul of ransomware - with 65% of respondents wanting compensation, and 9% even wanting to send the CEO to prison.


Simon Jelley, vice president of product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves. The two most essential things that businesses should have in place, according to their customers, are protection software (79%) and backup copies of their data (62%). Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership.”

The research, covering six countries and 12,000 consumers, also appears to show a paradox when it comes to paying ransoms. Most people (71%) want companies to stand up to cyber-bullies and refuse to pay ransoms to get data back. However, when the issue becomes more personal, with a direct threat to their own data, many people change their minds and want the businesses they buy from to negotiate. When it comes to financial data, 55% of respondents want suppliers to pay the ransom to facilitate the return of records.

Jelley said: “It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place. Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”

In fact, the study shows how some consumers quickly lose patience with companies that risk data through ransomware attacks. Almost half of respondents (44%) would stop buying from a company that had been the victim of such a crime.

The research, covering consumers in China, France, Germany, Japan, the UK and the USA, uncovered some interesting patterns that emerge from country to country:

  • In China, people have the highest tendency to change their minds on negotiating with cybercriminals, when it’s their own critical information. While 80% of respondents believe businesses shouldn’t negotiate in general, when it becomes a personal issue of recovering their own data, that number drops sharply to just 16%.
  • Brits have the strongest feelings about standing up to cyber-bullying demands, with 81% believing businesses should not negotiate with criminals.
  • The French seem to be the most forgiving respondents from surveyed countries, with less than one quarter (24%) wanting to blame company heads, just over half (55%) believing only criminals can be blamed for ransomware attacks, and only one-third (36%) considering dropping a company’s services after an attack.
  • Inversely, the Japanese and Chinese are the least forgiving, with 49% and 51% dropping company services after an attack, and China looking to blame business heads directly (66%).
  • Germans are most vociferous about harsh punishment for leaders following an attack, with 29% of those who blame the leaders seeking a prison sentence.
  • In contrast, in the United States, the most common attitude for those blaming leaders is to seek fines as punishment (41%).



Ransomware is a type of malicious software (malware) which restricts access to a computer and/or the files on a computer until a ransom amount is paid. Most commonly, ransomware spreads via cryptovirology, combining asymmetric and symmetric encryption to lock out users from managed file transfer or specific directories or files. It operates under the assumption that the encrypted data is important enough to users that they are willing to pay a ransom to ensure its return. Originating in 1989, ransomware attacks started spreading more widely around 2012 and have become increasingly sophisticated and damaging to businesses.

For more information on data management and protection, visit

Research conducted and statistics compiled for Veritas Technologies LLC by 3Gem. A total of 2,000 consumers were interviewed in April 2020 in each market (China, France, Germany, Japan, United Kingdom and United States) adding up to a global sample size of 12,000 adults over the age of 18.

About Veritas
Veritas Technologies is a global leader in data protection and availability. Over 50,000 enterprises—including 99 of the Fortune 100—rely on us to abstract IT complexity and simplify data management. The Veritas Enterprise Data Services Platform automates the protection and orchestrates the recovery of data everywhere it lives, ensures 24/7 availability of business-critical applications, and provides enterprises with the insights they need to comply with evolving data regulations. With a reputation for reliability at scale and a deployment model to fit any need, Veritas supports more than 500 data sources and over 150 storage targets, including 60 clouds. Learn more at Follow us on Twitter at @veritastechllc.

Veritas and the Veritas Logo are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

PR Contacts

AMS Contact
Veritas Technologies
Craig Librett

EMEA and APJ Contact
Veritas Technologies
Tony Murrant-Patrick