True cost and impact of ransomware attacks on companies


Ransomware attacks have risen to the top of most organizations’ security concerns. A growing number of cybercriminal groups now possess sophisticated malware thanks to the emergence of the ransomware as a service (RaaS) model.

As a result, ransomware attacks are increasing in frequency and specificity as threat actors skilled at breaking into corporate networks use their abilities to distribute ransomware. Ransomware attacks rose by 151% globally in the first half of 2021 compared to last year’s period.

In 2021, almost a third of ransomware victims paid the demanded sum, with a mid-sized business paying an average of $170,404 in ransom. In the second half of 2021, recovering from a ransomware attack cost businesses $1.8 million on average.

Even though the ransom payment is the ransomware attack’s most conspicuous expense and what makes the news, it only makes up a small portion of the overall costs. A ransomware infection results in various expenses, some directly connected to managing and recovering from the infection. Others, however, are the less obvious effects of a ransomware attack on a company’s operations. This article will examine the actual cost and effects of ransomware on businesses.

Downtime costs

Attacks with ransomware can cause a significant amount of an organization’s downtime. Successful infection encrypts crucial business data and disables essential systems. The productivity of the company and its employees will suffer until the company can restore the data and successfully remove the malware from the systems.

Downtime expenses frequently outweigh the actual ransomware demand or payment. An organization is typically offline for nine days after a ransomware attack. While the price of downtime to a business can vary, at an average cost of $8,662 per minute, it costs a business over $112 million.

Downtime can also impact contractual obligations, particularly if a company offers services subject to service-level agreements (SLAs). The nine days of downtime brought on by a ransomware infection may be longer than what is permitted by the applicable SLAs. If this is the case, the organization might have to pay out to partners and customers who were harmed, resulting in additional costs related to downtime.

Resource hours spent on recovery

The complexity of the incident investigation, remediation, and recovery is one of the main reasons businesses experience such a great deal of downtime following a ransomware infection. As ransomware attacks become more sophisticated, important systems are rendered inoperable until they can be restored from backups or by paying the demanded ransom.

An organization typically needs 2.5 months to fully investigate a ransomware attack. Access to specialized incident response personnel with knowledge of handling these incidents is necessary for ransomware recovery and investigation efforts. Due to the scarcity of cybersecurity talent and the rise in ransomware and other types of attacks, this knowledge can be expensive, raising the cost of an attack.

Multi-part attacks

A ransomware attack’s primary goal is to encrypt an organization’s important files and demand payment for the encryption key required to decrypt them. However, if a company can restore backup data, an attacker will have no chance of getting paid. Because of this, many ransomware variants today steal sensitive data from an organization before encrypting it. The attacker has more power to coerce the victim into paying the ransom. Data from businesses that try to decrypt their files without paying the ransom may be sold to the highest bidder or made available to the public on the ransomware gang’s website. When ransomware is used in conjunction with another attack, such as a data breach, the cost to the organization of the incident rises, the average cost of a data breach in 2021 was $4.24 million, which greatly exacerbated the effects of the attack on the victim.

Follow-up attacks

An infection with ransomware can be a nightmare since cybercriminals might not stop with one attack, especially when an organization falls victim to a successful ransomware attack and pays the demanded ransom.

An organization that pays the ransom has shown that it is willing to do so and is a potential source of future payouts. Ransomware attackers are in the business of making money. Additionally, an attacker who has previously entered the environment of an organization may have left behind backdoors or discovered weaknesses that they could use in the future to gain access.

Following attacks against previous ransomware victims are common as a result. 80% of the businesses that paid a ransom in 2021 became the target of another attack. The organization estimated that the same group was responsible for the second attack in 46% of cases.

Insurance premiums

Companies frequently use cybersecurity insurance to transfer the risks related to ransomware attacks. Companies can cover the costs of ransom payments, recovery, public relations, and other expenses connected to a successful ransomware attack with cybersecurity insurance. Insurance companies are now more hesitant to pay for ransomware attacks due to the rapid growth of these attacks and the associated costs. As a result, insurers require more stringent cybersecurity standards from applicants, and the price of cybersecurity insurance that covers ransomware increased by 28.6% in 2020.

Lost business

Critical system outages and downtime impact more than just the staff of an organization. Employees who are unable to work cannot support their clients. The attack may also directly affect customer-facing systems or affect them indirectly by encrypting the vital databases on which they rely. A successful ransomware attack can consequently result in a sizable loss of revenue for a company. Following a successful ransomware attack, nearly two-thirds of victims report suffering a significant loss of revenue.

Lost customers

Consumers’ attention has recently been heavily focused on cybersecurity. Data protection has become a key consideration for consumers in their purchasing decisions as they have become more aware of how businesses collect and use their data. Ransomware attacks involve access to critical, sensitive data, which frequently includes customer records, and some ransomware attacks include data breaches. As a result, businesses affected by ransomware risk losing clients who think the attack shows how poorly the company is handling customer data.

Public relations expenses

Ransomware attacks can seriously harm a company’s reputation and brand image. Customers’ trust in a company can be damaged if services are unavailable due to downtime. Additionally, a company’s perceived inability to protect customer data can harm its brand reputation even if it doesn’t completely lose customers.

Successful ransomware attacks can harm brands and reputations, and repairing those damages may cost a lot of money in public relations. As part of its ransomware recovery strategy, an organization might need to run special campaigns and offer extra services, incentives, or both. An organization might provide identity protection or other services, for instance, in the wake of a ransomware attack that exposes customer data to lessen the attack’s impact on its clients.

Regulatory and legal penalties

A ransomware attack’s ability to access sensitive data within an organization is crucial to its success. An organization must have something of value for the attackers to have a high ransom demand met. This secret key is frequently necessary to decrypt sensitive data for an organization. However, it might also carry the risk of sensitive data that was encrypted by ransomware being exposed.

This implies that a successful ransomware attack has access to the information covered by data protection laws like the Payment Card Industry Data Security Standard (PCI DSS), the EU’s General Data Protection Regulation (GDPR), and others. Regulators may impose fines for non-compliance if access to customer data covered by these laws is not properly restricted, as evidenced by the ransomware’s capacity to encrypt and potentially leak this data. Additionally, customers whose data an organization failed to protect may file civil lawsuits against it.