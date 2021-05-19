Hackers also may be shaking down U.S. companies more often simply because they’re following the basic wisdom attributed to a bank robber, Willie Sutton: “Because that’s where the money is.”

Companies confronted with “double extortion” — the unhappy reality of having to pay hackers to unlock a digital network and then pay them again to recover stolen data — should remember that a significant portion of ransom-payers never get their data back anyway.

Companies and other public and private institutions have many factors to juggle when hackers shake them down for money, of course. The Institute for Security and Technology, a private cybersecurity consortium, said in a recent report on ransomware that chief concerns include whether companies have cyber insurance policies and high-quality data backups. They also worry about the anticipated expense of paying for a prolonged system shutdown.

One obvious conclusion from that observation: All institutions in the digital era should have appropriate backups in place. That’s not a complex fix. Also, companies should think about the expense associated with a shutdown the same way Atlanta and Baltimore did — proactively rather than reactively.