The average ransomware payment peaked at $230 thousand, while over a quarter of victims pay the ransom. These are the latest figures from our threat report from September 2020. But this doesn't give you the whole picture. To do that, a further study was conducted to tally and quantify the collateral damage from the rise in extortion amounts and incident occurrences.
The hours of lost productivity due to a ransomware incident all add up to lost money. According to our survey data, lost productivity is closely related to the length of time it takes to discover the attack. In other words, the faster the attack is detected, the more the spread of the infection is limited and the less time is spent on remediation. The further ransomware ingrains itself in your systems, the longer it takes to weed out.
Meanwhile, almost 50% of respondents were unaware that their systems were infected for over 24 hours after the initial infection.
So, to figure out the dollar value of remediation, we first need to understand how long it takes to rectify the system after an incident.
33% were reportedly remediated in 1-3 hours
17% required 3-5 days
Webroot determined low/high-cost estimates for hours of remediation reported by survey respondents, factoring in the varying costs of IT resources.
The cost of remediation (low/high estimate):
33% – $300/$750 for three hours
17% – $4,000/$10,000 for 5 days
(A full breakdown is available in the report.)
Irrespective of whether an organisation pays a ransom or not, how long does it take to return to normal operation after an incident?
Businesses that don't pay the ransom end up recovering their data faster than those that do. In fact, 70% of those that didn't pay were able to recover their data within a business day, compared to 46% of those that paid the ransom demand, according to the study.
This could be due to:
whether a target had available backups
lost time due to back and forth with extortionists
time spent making a payment.
To determine how much the downtime costs add up to, look at the specific value of the data that has become unavailable. Is it critical to conducting business operations? Determining the value of data lets a business rank it from non-critical data and applications through to mission-critical data. This helps businesses formulate their recovery time objectives (RTOs). For instance, for mission-critical data, a 24-hour recovery may exceed the tolerable limit of the RTO and drive up the cost of downtime, in some cases higher than the ransom itself.
Impact on client operations
The survey shows that 46% of the businesses taking part reported that client operations were also negatively affected by a ransomware incident at their own company. Most importantly, this could result in the fracture of business relationships that take time to build and in the loss of anticipated revenue.
However, that's not even the riskiest aspect of client operations being affected.
The implications of supply chain attacks came into sharp focus last year after the SolarWinds attack. To clarify, in a supply chain attack a cybercriminal compromises a trusted supplier to distribute ransomware. The costs can be enormous as everyone in the supply chain is affected.
Brand and reputational damage
These days, ransomware attacks against high-profile targets are always hitting the news headlines and getting TV and media airtime. While your organisation may not be one of those high-profile targets, its reputation and staying power may not survive an attack, according to the study. That is to say, 38% of the businesses surveyed admitted their brand was harmed by a run-in with ransomware, for instance through lost customers and publicity issues. As a result, businesses could be forced into damage control and have to enlist the services of expensive PR or communications firms to help repair some of the damage.
But businesses must do the damage control, or they risk their survival. A business that meets a ransomware attack affecting its customers with no response or silence comes across as callous, uncaring and unaccountable. In other words, customers are put off.
Cybersecurity incidents can therefore have significant consequences in the form of reputational damage. Most importantly, customers are less likely to stay with a business out of loyalty. For example, in the study 61% of customers went to a competing brand in the last year, while 77% say they will change their loyalty quicker now than in the past.
The list goes on…
This list of the four hidden costs of ransomware is by no means exhaustive. Add to these costs fines for breaches of compliance regulation, cybersecurity insurance and several other unexpected expenses.