Ransomware attacks are notorious for their expense to the victim—largely because of the various costs that come along with successful ransomware infections, including many that might not be expected at first. Let’s review some of these costs, if only to reinforce the importance of avoiding ransomware as a rule.
It should come as no surprise at all that the expense associated with ransomware largely comes across because of the downtime that ransomware causes. If an attack is severe enough, a business could find itself without access to its essential data for days or even weeks—one 2020 survey estimated that a full recovery took businesses about five days to reach, with another survey placing the time around 21 days.
This is naturally a big concern for businesses, particularly because downtime has grown to be so much more expensive. Datto collected data that revealed the downtime incurred in ransomware attacks can cost more than $274,200, which is far more than the average ransomware demand asks for.
Cost: Reputational Damage
Let me ask you a question: would you be thrilled to give a business your personal data if their track record showed that they allowed such data to be locked up—and presumably stolen, as we’ll discuss?
Of course not, and you aren’t alone. Consumers from numerous different countries have all indicated that they would take their business elsewhere if an organization lost access to their data or if there was even one service disruption. 90 percent of these consumers took these kinds of things into account before becoming a patron, and half would avoid businesses that had experienced a cyberattack in the preceding year.
This is a huge issue for businesses, especially with many watchdog groups emerging to share the data that companies have lost in breaches for the sake of transparency.
As a result, companies hoping to avoid these ramifications will need to both avoid attacks and more effectively address them in the future.
Cost: Cost of Upgrades
If a business does get infected by ransomware and make it through it, it can serve as considerable motivation to improve its cybersecurity protections. Unfortunately, these improvements are themselves going to incur some considerable costs—particularly if they’re rushed through without the time taken to plan them out.
After all, with changes that are closer to a complete renovation than they are to a fresh coat of paint, you’ll have to invest some considerable capital into these changes—on top of that which is required to resolve the vulnerability that led to the ransomware attack in the first place.
Cost: Continued Extortion
We aren’t going to take any time here to define ransomware again. Instead, we want to pose a question to you:
What if your business was infected, and the decision is made to pay up to prevent your data from being deleted? How can you be so sure that your data will be returned, not just left encrypted, deleted, or sold on the Dark Web for even more profit to the cybercriminal?
You really have no way to be sure—and many cybercriminals have taken to stealing data in addition to encrypting it, exacerbating the business’ problems. The last thing a business trying to recover from a ransomware attack needs is a class-action lawsuit from all the people whose sensitive data was stolen.
Cost: The Ransom Itself
Of course, we can’t talk about the financial impacts of ransomware without addressing the ransom. While we never recommend that you pay this ransom, it may help for us to demonstrate why it is such a bad idea in a little more detail.
One might anticipate that, if comparing the price demanded by a cybercriminal to the cost of restoring a business’ network infrastructure from scratch, the former option would be the more cost-effective one to take. This is not the case at all… after all, you have no guarantee that your data will be returned in its original condition (or at all).
With this in mind, it is less surprising that paying the ransom is far less cost-effective than maintaining a backup ahead of time and restoring your data from that as needed.
Save Money, Time, and Stress by Protecting Your Business Beforehand
With that, we can conclude that proactively preparing for a ransomware event (or any other data loss issue, for that matter) is the only means of protecting your business’ interests. Setton Consulting is here to help you do so with our comprehensive backup and business continuity solutions. To find out more about what they involve, give us a call at (212) 796-6061.