Privacy Ninja

The Financial Cost of Ransomware Attack

Ransom fee is just the tip of the iceberg on the financial cost of ransomware attack

The average total cost of recovering from a ransomware attack has more than doubled in a year, from $761,106 in 2020 to $1.85 million in 2021. Sophos, in its global survey, revealed worrying upward trends in the impact of ransomware attacks.

One of the grim findings of the study is that remediation and recovery now cost more than 10 times the size of a ransom payment. Once the ransom fee is factored in, an attack costs approximately $1.4 million.

With 61% of businesses hit by ransomware last year and losses rising sharply, it is high time to revisit the financial cost of a ransomware attack.

The data on average

In the State of Ransomware 2021 report, released in April, researchers pegged the average ransom paid by respondent organizations at $170,404. The highest amount extorted was $3.2 million, whereas the most common payment was $10,000.

The main question in a ransomware attack is: should you pay the ransom?

The data reveals that 32% of those attacked paid the ransom. However, only 1 in 10 of them managed to get back all of their data. In Singapore, by contrast, more than 1 in 4 organizations hit admitted getting their data back by paying the ransom.

“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” says Chester Wisniewski, principal research scientist of Sophos.

Downtime cost, litigation settlements, IT remediation costs, etc. can be a real headache

Sunk cost and all that

The ransom is just the tip of the iceberg when we talk about the ramifications of a malware attack. The full picture of the financial cost of ransomware necessarily includes an array of expenditures: business downtime, lost orders, operational costs and more.

Downtime Cost

The average downtime after a breach was pegged at 16 days. Depending on the nature of your business, the severity of the damage, and the capability of your IT team, this duration can vary, along with the corresponding downtime cost.

Downtime and data loss can easily lead to lost clients and a damaged reputation, but these could be the least of your worries. To add salt to the wound, a successful ransomware attack (with or without double extortion thrown in) can create an expensive pile of legal and regulatory trouble.

Legal Matter Expenses

Regardless of jurisdiction, one of the most notorious financial costs of a ransomware attack is the legal penalties levied. For example, in the record of cases under Singapore's Personal Data Protection Act (PDPA), organizations were made to pay fines ranging from $10,000 to $1,000,000.

The cost can vary depending on the extent of the damage and the undertaking your company has adopted for mitigation and remediation purposes.

IT Remediation Cost

With more than half (54%) of business organizations admitting that cyberattacks are now too advanced for their IT team to handle, the work is often outsourced to third-party cybersecurity experts. Again, this cost can vary depending on the extent of the damage and which firm you are collaborating with.

An impending danger

Cybersecurity experts have surmised that this ever-present battle against threat actors is far from over. In its published research, Cybersecurity Ventures predicts that ransomware will cost its victims around $265 billion (USD) annually by 2031.

Comparing the increase in the financial cost of ransomware attacks against previous years, it is evident that cybercriminals are targeting larger companies, as they are the ones more capable of paying exorbitant ransom fees.

Regardless of your organization's size, a ransomware attack can severely impact your finances. Beyond direct costs such as ransom payouts, the IT cost of rebuilding servers, and litigation settlements or fines, there are indirect or soft costs: business disruption, lost revenue, lost productivity, and a tarnished reputation.

As such, your organization should remember to practice good cybersecurity hygiene and implement a robust data security protocol. Prevention is always better than cure. Remember that oftentimes, all it takes is one breach to potentially bring down a well-established organization.

This is where hiring an outsourced DPO can help. Aside from the fact that it is mandatory under the PDPA, an outsourced Data Protection Officer (DPO) oversees data protection responsibilities and the healthy cybersecurity hygiene of the organisation. Every organization's DPO should be able to curb instances of cyberattack, as they are the officer responsible for maintaining the organization's cybersecurity posture.

Be more than just a number in the statistics.
