26 Jan The true cost of ransomware attacks
Cybersecurity experts noticed a rise in ransomware attacks against businesses of all sizes and kinds and an increase in the amount of money demanded by ransomware attacks. WebRoot cited that in September of 2020, the amount paid towards ransomware attacks peaked at more than $230 thousand.
While many experts recommend not paying the ransom, ransomware will still damage the operations and image of companies far beyond what they need to pay to retrieve stolen data or intellectual property. Ransom payments alone aren’t the whole story. Running a business isn’t as simple as keeping enough cash on hand to pay off attackers – the damage goes far beyond cash equity.
Loss in productivity
How much time is needed to remove and remediate ransomware from computers? Generally, it determines how quickly the ransomware is detected in the network. The longer it takes to identify the threat, the longer it takes to remove it. It may only take a few hours to remove and protect against the attack if a threat is detected quickly.
However, almost half of the attacked businesses didn’t learn about the threat until a total of 24 hours later. In these cases, removing the ransomware could take 3-5 days to complete. The cost to redirect resources and responsibilities from IT departments and support teams’ daily operations to remediate would cost between hundreds and tens and thousands of lost productivities, depending on the severity of the attack.
The cost of downtime
How much would a law office or healthcare clinic stand to lose if its network and computer system had to go offline for a few days without any planning or heads up? Beyond lost productivity, an organization needs time to return to its standard daily operations. Determining how quickly it takes to get back up and running depends on a few factors.
The most important aspect is being prepared for a ransomware attack. Having data backups available and a detailed recovery plan will ensure that businesses can return to operate safely and quickly.
The level of importance and value of the stolen data is vital. Broad marketing data, patent-pending intellectual property, and personal identification information of patients all have a widely differing range of matter. Knowing how critical the data is helps determine the value of recovering it from the attacks.
Ransomware doesn’t always target one single company. When cyber attackers have an opportunity, they will often target an entire supply chain of operations and software throughout the lifecycle of a product or service. The financial impact would be impossible to contain to one single entity, and the cost would dive up and spread out to many different parties.
Brand and reputational damage
Businesses that are affected by ransomware rarely face direct costs in terms of dollars and hours. Already, customers are retracting their loyalty and switching brands more often than usual. However, in the face of a ransomware attack, companies could see over 60% of their customer base gone overnight.
38% of businesses opened up about how their reputation and brand image were hurt by ransomware. While the national corporations would recover, such as Wells Fargo, SMBs would have much less luck. Most small-to-midsize businesses that encounter a ransomware attack are likely to fold and close operations entirely.
Counting the cost of ransomware is complex, and this isn’t a complete list of how businesses could be affected. Compliance, insurance, reparations, fines, and other costs come into play depending on the amount and type of stolen information.
If you’re worried that your business might have already been compromised, then call Pegasus Technologies today.
Like everything we do, we approach IT security as a partnership. We start by understanding your business objectives, then take a proactive approach to address the multiple compliance and security needs facing your business.