Seven in ten businesses experienced a ransomware attack in the past five years, a McGrathNicol survey of over 500 owners and executives at Australian businesses with 50 or more employees has found.

The same survey a year ago found only 31% had been a target.

McGrathNicol says 79% of attacked businesses gave in to the ransom, with an average $1.01 million paid.

Australian business leaders were willing to pay almost double what they were last year to stop an attack – $1.28 million. Negotiation was less likely to take place, with 44% making a ransom payment within 24 hours. Less than a quarter paid so quickly a year earlier.

McGrathNicol Advisory Cyber Partner Darren Hopkins says this shows businesses are far better at anticipating the financial fallout of a cyber breach than 12 months ago.

“Business leaders are starting to treat the ransomware threat as they would any other business risk,” he said. “Just as we encourage businesses to review and practice fire drills, we urge business leaders to develop and stress-test their cyber resilience plans.”

Of the business leaders who had paid a cyber ransom, only 59% chose to negotiate with the cyber criminals, down from 74% last year. Email fraud or “phishing” made up three quarters of ransomware attacks, with the rest vulnerability exploitation and malicious access.

The research found businesses want greater transparency, stronger intelligence sharing and reporting obligations. Three quarters said it should be mandatory for a business to report a ransomware attack to authorities.

Many businesses were “over-confident in their abilities” to respond to a ransomware attack though, with half reporting they were very prepared – yet 13% taking two days or longer to inform all relevant stakeholders of an attack.

A fifth of large businesses with more than 1000 employees admitted an attack was not reported to all stakeholders.

Cyber Partner Shane Bell says cyber isn’t a new agenda item and should be “an established component by now”.

“With September’s Optus breach and October’s Medibank breach dominating headlines, it’s more important than ever that governments, regulators, and corporate Australia work together to minimise risk to consumers and critical industries,” he said.