Ransomware costs: when the price to pay is more than just a ransom

The complex, evolving landscape of cybersecurity attacks continues to grow, with ransomware tracking at about 24% of all breaches¹ as well as 66% growth in attacks year over year. ²

To level set, ransomware is malware designed to deny a user or organization access to files on their computer through encryption until a ransom is paid — it’s an expensive and expansive problem for organizations of all sizes and industries. The risks include a spiraling effect of negative brand reputation, leadership changes, lost revenue, and the release of sensitive information, often leading to further extortion.

Is your organization high-risk?

The quick answer is yes, it’s only a matter of time. Some of the most targeted industries have been professional services, manufacturing, healthcare, financial services and retail.³ However, recently government and education have also been major targets. Attacks aren’t limited to just enterprise companies either — small businesses have seen a 40% increase in ransomware attacks and a 56% increase in fund transfer fraud incidents. ⁴ In fact, according to another report, SMBs with revenue around $5 million are twice as likely to become victims as companies in the $30-50 million range and five times as likely as companies with revenue of $100 million. ⁵

This doesn’t mean other industries are off the hook — especially since it only takes adversaries 2 minutes and 57 seconds to drop ransomware into your system. Cybercriminals are typically after intellectual property, patient records or protected health information, customer data, personally identifiable information (PII) and account credentials. ⁶

To pay or not to pay?

The quick answer is always no. In one survey of over 1,000 enterprise IT professionals who had been breached at least once by ransomware in the last 24 months, 84% of them paid but only 47% of them received uncorrupted data returned — with 78% of them breached again after paying the ransom.⁷ Another interesting part of the report revealed that over half did not detect they had been breached for 3-12 months and that the majority of attackers were getting into the network through a supply chain partner. The takeaway here is that as hacker sophistication rises, the ransom demands continue even after payment, compounding the problem.

What are the real ransomware costs?

The quick answer is usually in the millions. Overall, ransomware adversaries made a total of $1.1 billion in 2023, and ransomware cost estimates have already reached over $450 million for the first half of 2024.⁸ Here’s a breakdown of what’s being reported by individual organizations for ransom payments on average:

• $3,960,917 — a 2.6X increase on the $1,542,330 reported in 2023⁹

• $1.4 million for U.S. companies with an estimated 46% of respondents saying their overall business losses were between $1-10 million and 16% saying their losses were over $10 million¹⁰

Recovery costs must be considered, too. These costs include downtime, legal fees, data loss, lost opportunities, reputation repair and other recovery costs. Reports show detrimental and high-cost averages:

• $2.73 million in 2024, up by $1 million in 2023¹¹

• $4.5 million, including payment and recovery¹²

• 35% of victims took a week or less of recovery time while 34% took over a month (same ref as above) due to the growing complexity and severity of attacks, and lack of preparedness

This begs the question, how many cybersecurity defenses do you really need?

The quick answer is a lot. Organizations must prioritize making people, processes and technology secured and compliant in all aspects of the business. Safeguarding against data breaches should be an always-on effort, which means taking a multi-layered approach to secure the workforce, information, devices, network, and applications. But when all else fails, and a breach is made, ransomware containment solutions can be the last line of defense.

Proactive measures for enhanced security

• Preparedness: Develop a robust incident response plan in case of a breach — we offer security assessments to help you determine where you have gaps

• Vulnerability management: Regularly patch vulnerabilities to minimize attack surfaces — ask about our Managed IT Services, Cybersecurity Services, and Cloud Services

• Cybersecurity culture: Foster a security-conscious environment through training and awareness programs— we have specialists in change management and comprehensive security training programs

• Zero trust: Implement zero trust network access to enhance security protocols, including encryption and authentication — let us help your organization close any gaps

• Generative AI awareness: Establish guidelines for the safe use of generative AI to mitigate potential risks — breaching through AI-generated code, scripts and sharing sensitive company data are trending

• System testing: Conduct regular testing to identify and address security gaps — think of our IT Services team as an extension of your team

• Collaboration: Partner with security-focused vendors that have a strong commitment to security

By identifying and closing some (or all) of these security gaps, your defenses will be stronger and reduce the likelihood of a ransomware attack or stop one in its tracks.

Our ransomware containment solution isolates ransomware in real-time, preventing it from encrypting valuable data and minimizing downtime, unlike other solutions that focus only on detection or recovery after the damage is done.