The True Cost of a Ransomware Attack
What is the cost of ransomware? If you were to ask a person on the street, they would likely guess the ransom amount paid to the hackers. They would be wrong.
The biggest cost of ransomware is downtime. Typically, the money paid to the ransomware gang constitutes the smallest portion of the cost of a ransomware attack. Some studies do not even include the ransom paid.
IBM, in their Cost of a Data Breach report, places the average cost of a ransomware attack at $4.62 million USD. In the US, the average cost is greater than $8 million. This eye-watering amount is driven by four cost centers: lost business, escalation, notification, and post-breach response.
Of the four, lost business, also known as downtime, is by far the most volatile. Depending on the industry, these costs easily compound and spin out of control. In the case of Maersk, the international shipping company, a ransomware attack left them at a standstill for weeks. The estimated cost of the downtime alone was $300 million. For many companies, such an interruption could cost them everything.
Escalation is the next major cost center. Included in this are forensic investigations, which can exceed $100,000 USD. A cybersecurity audit for a 10,000+ employee company could run as high as two million dollars. Add in a bit for crisis management messaging and it’s easy to see how the ransom paid may look like a bargain.
The third cost center is notification. This generally refers to communicating the impact of an attack to clients, partners, customers, and regulators, and to finding experts. While it may seem the least important, good communication can make a massive difference in how clients see you and whether they continue to support you afterward.
The fourth cost center is the post-breach response. Included in this are regulatory fines which, depending on a company’s locale, could be as high as 4% of yearly profits or $20 million. Of course, lawyers will be hired to reduce those amounts, which will cost you slightly less than the actual fine. Add on credit monitoring for those customers who had financial information stolen and this cost center can rack up millions in expenses.
Given ransomware’s high and often unpredictable costs, preventative measures often prove to be the most cost-effective. Using Dark Web Monitoring and Account Takeover Prevention helps locate the exposed credentials hackers use to launch cyber attacks. Digital Risk Prevention tools such as Asset Discovery and Monitoring can find vulnerable assets that hackers exploit to gain access to your network.