The True Cost and Impact of Ransomware: How an Attack Can Haunt Your Business for Years

Jesse Miller, CISO, Stratosphere Networks

News stories about ransomware attacks often highlight the amount the victims ended up paying their attackers. For instance, Colonial Pipeline paid cybercriminals $4.4 million after getting hit by ransomware, and the meat processor JBS handed over $11 million, according to the August 2021 Global Threat Landscape Report from Fortinet.

However, the actual ransom paid to cyberattackers (if the affected organization chooses to follow their demands) typically only accounts for a fraction of the fiscal impact of this type of attack. While the total cost of ransomware is approximately $5.66 million, funds transferred to cybercriminals only account for $790,000 of that amount, according to The 2021 Cost of Phishing Study from the Ponemon Institute and Proofpoint.

As ransomware attacks grow more frequent, it is crucial to understand every factor that contributes to the financial fallout of these incidents, the true extent of the damage, and how you can shield your company from the potentially devastating aftermath of an infection.

Beyond the Ransom: The Many Ways a Ransomware Infection Can Hurt Your Business

Ransomware attacks have become alarmingly commonplace. In June 2021, average weekly ransomware activity was 10.7 times higher compared to the previous year, according to Fortinet. Cybercriminals are also becoming more demanding: The average ransom payment in the first quarter of 2021 was $220,298, a 43 percent increase compared to the fourth quarter of 2020, Coveware reports.

In addition to the ransom, business disruptions result in a probable maximum loss of $67.5 million following a ransomware infection, according to the Ponemon Institute and Proofpoint. After ransomware struck their company, 77 percent of full-time employees temporarily lost access to networks or systems, and 26 percent couldn’t fully perform their professional duties for at least a week, according to the 2021 Ransomware Impact Report from Keeper Security.

Lost productivity is a major driver of overall ransomware-related costs. Another factor to consider is the monumental amount of resources and labor required to resolve the problem. Leadership needs a sober assessment of whether the organization has enough resources in-house, along with a forecast of what a ransomware incident could mean in terms of emergency consulting fees. For example, in one ransomware incident response engagement, during the first five days of the incident, 11 of our team members ended up putting in anywhere from around 30 to nearly 60 hours of total overtime per day.

Overall, during the course of the next 60 days, a dozen of our team members worked over 1,000 hours to contain the spread, eradicate the issue, and restore IT business operations – all of which were unexpected costs for the organization that contracted us to help. Completely remediating a ransomware attack takes an average of 35,285 hours, according to the Ponemon Institute and Proofpoint.

Considering the average IT hourly wage of $63.50 for in-house resources, that amounts to approximately $2.24 million. Add third-party incident response rates on top (between $300 and $650 per hour), and the final cost can easily balloon past that. Ultimately, it takes a significant amount of work and multiple security specialists to stop the infection and pick up the pieces after ransomware breaks into and brings down your network.

Additionally, a ransomware infection can tarnish your brand, driving away potential clients for years following the incident. The majority (64 percent) of full-time workers said getting hit by ransomware harmed their company’s reputation, and 63 percent said the incident affected their own trust in the organization. Even if you have cyber liability insurance, it might not cover the total cost of an attack, and it can only help so much if you lose clients and have to find a way to attract new ones.

What You Can Do to Protect Your Organization From Ransomware

Regardless of size or industry, you must act to combat the threat of ransomware. Hackers target small businesses nearly as much as they set their sights on large enterprises: 47 percent of organizations with 100 to 1,000 employees report experiencing ransomware attacks, compared to 54 percent of companies with 1,001 to 5,000 employees, according to The State of Ransomware 2020 report from Sophos.

Given how profoundly an attack can affect your business financially, it makes sense to proactively invest in managed cybersecurity services. Misconfigured systems, human error, outdated solutions, and overall poor IT hygiene can allow ransomware to infiltrate your systems, according to the MSPinsights article “How Ransomware Sneaks In” from Webroot.

A managed security service provider (MSSP) like Stratosphere can help you improve your cybersecurity posture with solutions like the following:

  • Employee security awareness training
  • Extended detection and response (XDR)
  • Zero-trust network architecture with secure access service edge (SASE)
  • Security Operations Center as a Service (SOCaaS)
  • Incident response services

With an MSSP on your side, you’ll have a team of professionals ready to help if you find yourself dealing with ransomware that gets past your defenses. Remember to consider the big picture: If you don’t invest in cybersecurity now, it could lead to an attack tomorrow that costs you your largest client in two or three years.


Contributed blog courtesy of Stratosphere Networks and authored by Jesse Miller, CISO at Stratosphere Networks.
