It’s more than you think
Imagine this, you’ve built a business from scratch and are enjoying small businesses success as you grow to fifty employees. You’re doing great. Then a phishing email is delivered to all fifty of those employees. One person in your organization hasn’t had training in how to spot phishing attacks. They click the link.
Bam! The bad guys are in and they’ve encrypted your files. According to a new report by Coveware, a site that assists companies victimized by attacks, the average ransomware attack is now going to cost you more than $80,000. This is a 104% increase from Q3 to Q4 where the cost was just over $40,000.
To pay or not to pay
While all of the recommendations are to not pay the ransom, a whopping 98% of companies that do are able to recover what was encrypted (another Coveware find.) The recovery percentage sits impressively at 97% percent. In layman’s terms, most of these criminals are doing what they say they’ll do.
Coveware found that recovery time has increased from 12.1 days to 16.2 days, which makes the need for recovery and restoration important to a business’ health. But what are the real costs associated with an attack? They don’t just stop at the ransom.
The costs
While a ransomware attack is expensive just from the ransom payment, that’s not the only cost incurred. Businesses suffer from repair and replacement of hardware, loss of profit, remediation, and damaged reputation to name a few. The last of which can be devastating.
The actual payout can quickly triple and quadruple in cost. This idea leaves many businesses seeking out insurance for ransomware. Ransomware insurance, however, is problematic at best.
PC Matic CEO, Rob Cheng, shared his insight on ransomware insurance. “Cyber security insurance is hurting the war against ransomware because they pay ransoms without first considering how to survive without paying the ransom. Last year, cyber security insurance played a key role in driving up the cost of the ransoms.
The problem is that the more we pay, the more we will be attacked. This is not built into their actuarial models and it will lead to an escalation in cyber security insurance premiums.
This industry must be regulated.”
His insight is backed by the published findings at Coveware.
Prevention is the way to go
The effective solution to paying heavy ransoms is evident. Prevention is key. PC Matic strongly recommends using whitelisting technology to protect your machines. PC Matic also recommends back up and separate data storage. Cybercriminals can’t hold your data ransom if you have the means to recover it yourself.
What it all comes down to, however, is preparedness. Above all, business is a numbers game, and the business of ransomware is blowing their numbers out of the water. Are you prepared?
For a list of ransomware attacks that have already taken place in 2019, you may click here. We have also created a heatmap, see below, of the ransomware attacks that have taken place in the U.S. Click the map for full details.
64 total views, 50 views today