
Ransomware: why does the company pay, one way or another?


The average cost of a ransomware incident is difficult to estimate accurately: not all attacks are reported, and the expenses incurred vary greatly with the size and nature of the organization hit. Even so, a cyber threats report from the cybersecurity firm Acronis puts the average cost of a data breach in the United States at almost US$9.5 million last year, and expects the worldwide average to exceed US$5 million per incident this year.

In their 2022 ransomware market report, industry analysts predicted that ransomware attacks will cost their victims a total of US$265 billion per year by 2031. This confirms that ransomware is one of the most devastating cyber threats that companies currently face. In addition to irreparable damage to the organization's systems, data and reputation, the financial loss can be significant.

According to the Acronis report, even if the company refuses to pay the ransom demanded for its encrypted data, it will incur substantial expenses and lost revenue while it contains the incident and recovers its systems, a process that can take weeks or even months and can have a disastrous financial impact.

The costs, according to the study, can be both direct and indirect. Direct costs typically include paying a ransom in exchange for a decryption key to unlock encrypted data or the cost to hire experts to remove the malware and restore affected systems.

One of the largest ransoms made public was the US$70 million that the REvil ransomware group demanded from software provider Kaseya. Ransom demands vary widely, however, depending on the sophistication of the attacker and how much information they have gathered about what the target can afford to pay, ranging from thousands to tens of millions of dollars.

The ransom demand is sometimes set as a percentage of the target company's annual revenue, usually around 3%. According to expert estimates, the ransom payment represents only a small portion of the overall cost of a ransomware attack, often as little as 15%.

Indirect costs

Indirect costs include lost productivity and revenue due to downtime, reputational damage, fines for compliance violations, and legal expenses. Downtime and recovery of lost data typically make up the largest portion of the overall expense of a ransomware attack. After an incident, the average company experiences about 22 days of downtime before it resumes normal operations, and the cost of that downtime can often be fifty times the ransom demand.

In the wake of a ransomware attack, the entire company must focus on recovery, from IT operations teams restoring encrypted or damaged data and restarting operations to teams in marketing, legal, HR and other divisions handling crisis management. Additional costs of ransomware may also include lost sales opportunities, reduced output of products or services, fees paid to outside consultants and contractors to speed recovery, loss of share value for publicly traded companies, fines from regulators for failing to protect customer data or for other compliance violations, penalties paid to customers for missed service level agreements, and so on.


Additionally, a ransomware attack reveals weaknesses in a company's cybersecurity defenses. That requires forensic analysis to identify the vulnerability that enabled the attack, a plan to close those gaps so as to prevent a recurrence, and then the additional investments required in cybersecurity technology, processes

According to the Acronis report, by taking the time to review all of these factors, companies can get a better idea of how much a successful ransomware attack could cost in the short and long term, and why an incident response and recovery plan is necessary. When companies pay a ransom, they may believe they have fully eliminated the risk posed by the attack. This is a dangerous illusion for several reasons, according to the study. First, the attackers may still have active access to company systems and data, and may already have exfiltrated sensitive data. Second, there is no guarantee that they will not launch future attacks, and paying a ransom could encourage other cybercriminal groups to target the company as well.


See the original post at: CisoAdvisor
