Ransomware (mostly) isn’t costly because of the ransom


When you think about ransomware, I have to imagine you envision the ignominy of paying millions of dollars out of pocket to get access to your data back. The scary part is right there in the name: ransomware. The ransom is the nightmare scenario.

While there is certainly a built-in, deep-seated personal affront to being the victim of a ransom demand, when it comes to running your business, it’s actually not the ransom part of ransomware that should keep you up at night. No, as it turns out, the most expensive part for businesses hit with actual ransomware is rarely the ransom demand itself.

So… what is the costly part of ransomware?

Ransomware — which rocketed in activity during the pandemic — is for sure a significant source of cost for afflicted businesses; large U.S. companies lose an average of $5.66 million each year to ransomware. If you can believe it, though, the ransom portion of it usually accounts for around 20% of that figure.

It’s easy to understand why we’re so scared of the ransom part of the equation — those are the big stories that make the news. We quite often hear of multi-million-dollar ransom payments made to hackers. But research from Proofpoint and the Ponemon Institute found that ransom payments typically account for less than 20% of the total cost of a ransomware attack. To wit, of the $5.66 million companies lose to ransomware each year, just $790,000 is from the ransom payments. Proofpoint and Ponemon Institute’s research showed that businesses “suffer the majority of their losses through lost productivity and the time-consuming task of containing and cleaning up after a ransomware attack.”

Proofpoint says that the remediation process for an average-sized organization takes on average 32,258 hours, which when multiplied by the average $63.50 IT hourly wage totals more than $2 million. Downtime and lost productivity are another costly consequence of ransomware attacks; the research shows that phishing attacks, for example, which were determined to be the root cause of almost one-fifth of ransomware attacks last year, have led to employee productivity losses of $3.2 million in 2021, up from $1.8 million in 2015.

“In the wake of a ransomware attack, communication and interaction between employees and any affected external parties must increase massively, causing many teams to have to drop all existing work as part of their ‘day job’ immediately and focus on this urgent matter, for potentially days, weeks or even months,” Proofpoint’s Andrew Rose told TechCrunch. “They automatically face more scrutiny from customers, regulators and have to increase reliance on third parties. This may include a significant increase in external audits by customers and regulators, which again increases workload cost. There’s also the potential of regulatory fines, or class action lawsuits from customers,” said Rose.

So what does that mean for your business?

So if the ransom piece isn’t the most costly part of a ransomware attack, what are you to make of that as a business leader? For one, it’s really important to make sure you’re protected if and when a ransomware attack hits you. Are your backups automated and segregated from your active data environments? Do you have multifactor authentication on every sensitive data access point?

For the most part, business leaders of small to medium-sized businesses aren’t trying to spend a lot of time or mental capital on low-likelihood / high-impact scenarios. You want to focus on, ya know, running your business. But that’s why ransomware attacks should be at least somewhat top of mind, because downtime should scare you, regardless of the source.

That’s where we come in. Managed service providers like Leverage at the most basic level ensure uptime. We make sure your IT environments work for you, when you need them to, with the least downtime humanly possible. But that also extends to any possible data breach too — we can massively cut the 32,258 hours an average company would expend on ransomware remediation. If 80% of remediation costs are downtime expenditures, then it makes a lot of business sense to make sure you’re limiting your downside exposure.

To that end, if you’re even a little bit worried about ransomware, cyberattacks, or IT-based downtime in general, give us a call — we’d love to show you how we can improve your bottom line now and well into the future.