Blog

White Paper - XDR for Retirement Systems

August 4, 2021
Ken Ballard

Ransomware attacks continue to target businesses in all industries across the United States. By gaining access to networks and encrypting important systems and files with specialized malware, threat actors seek a payday in return for decrypting compromised IT resources. This article explores the full cost of ransomware attacks to businesses—and you might be surprised at the extent of the findings.


7 Ransomware Costs That Could Impact Your Business

Industry reports and surveys emerge all the time highlighting the costs of ransomware to businesses. These estimates often vary significantly from one another, partly because each business is impacted differently and each situation is unique. 

Estimating the actual cost of a successful ransomware attack is more nuanced than you may first think about. Here are seven different costs that can factor into the equation for your business.  

1. Paying the Ransom

The most obvious direct cost is the ransom demanded by cybercriminals to decrypt any files or systems they’ve locked down. Industry experts regularly debate the topic of whether to pay ransoms, and there remains no established consensus among commentators. 

Security experts working in the industry may debate the topic of whether to pay, but governmental guidance is more clear-cut. The Cybersecurity and Infrastructure Security Agency (CISA) expressly states in its Ransomware Guide that “ CISA, MS-ISAC, and federal law enforcement do not recommend paying a ransom.” Even bearing that advice in mind, organizations still regularly pay the ransoms that hackers demand because they feel like there’s no other option. 

So, what does a ransom payment look like? 

A recent Palo Alto report found that the average ransom paid by organizations increased from $115,123 in 2019 to $312,493 in 2020. It’s worth noting that the methodology for calculating this figure wasn’t defined in the report, so this average payment could be skewed by large ransoms paid by enterprsies. A 2019 Datto report found that the average ransom requested for SMBs was $5,900, which seems more realistic.

All of this is to say that the ransom payment varies depending on the size of your business and the nature of the data that has been compromised.  

2. Double Extortion Costs

Many recent ransomware attacks have used double extortion tactics to increase the likelihood of receiving ransom payments. By first exfiltrating sensitive data from systems before encrypting the affected systems, threat actors use stolen data as extra leverage to demand ransoms. 

With double extortion tactics, the perpetrators threaten to publicly disclose stolen confidential data. Using this tactic, ransomware groups can demand higher payments because many businesses desperately want to avoid public disclosure of sensitive data. 


3. System Downtime

Not having access to important files and systems is extremely costly for pretty much every business. Ransomware typically brings down multiple systems simultaneously. Estimates for the average time it takes to restore affected systems range from 16 days to 21 days.  

Restoration activities include:

  • Reconnecting data backups from offline storage sources
  • Rebuilding systems using OS images
  • Using tools (if available) to decrypt the ransomware strain’s encryption algorithm

It’s worth noting that paying the ransom doesn’t guarantee the swift resumption of access to affected systems. Downtime costs often far exceed those of the initial ransom. The aforementioned Datto report found that downtime from ransomware costs an average of $274,200, which is over 46 times greater than the $5,900 average ransom for SMBs. 

4. Legal Costs

Most businesses unfortunate enough to become victims of ransomware attacks face legal costs too. These costs arise from needing to hire an attorney and seek legal advice on how to adhere to relevant laws at the state, local, or federal level. Furthermore, double extortion attacks that result in breaches of PHI or PII data call for additional legal counsel about data breach notification requirements for affected parties.


5. Incident Response Teams

Not every organization has its own dedicated incident response team. The seriousness of ransomware generally necessitates availing of incident response services providing the required expertise to deal with the fallout from a successful attack. These cross-functional teams cover some of the following aspects of responding to ransomware incidents:

  • Identifying the particular ransomware strain/variant impacting your systems
  • Investigating the scope of the attack and its impact on the network
  • Containing the attack by quarantining systems or network subnets
  • Recovering affected systems using decryption techniques or backup and recovery methods

While an expert outsourced incident response team can reduce recovery time and minimize other costs associated with successful attacks, it’s still a ransomware cost worth thinking about. 

6. Reputational Damage

Reputational damage is an important ransomware cost that often gets overlooked. Customers naturally feel annoyed if an attack exposes their sensitive data. If companies are slow to react, don’t take responsibility, or aren’t transparent enough about what happened, severe reputational damage is likely to ensue. 

The fact that ransomware attacks regularly make media headlines almost guarantees at least some negative press coverage. Reputational damage often begins with a social media backlash and culminates in a share price drop and/or a decline in customers. 

A report by insurer Aon into the impact of cyber risk on reputation highlighted how UK-based company TalkTalk lost 101,000 customers as a result of a serious data breach. On the topic of insurance, it’s worth noting that ransomware victims (and victims of other cyber crimes) often end up paying increased future insurance premiums. These premium increases stem from an increased perception of risk from the insurer’s perspective. 


7. Non-Compliance Fines

Several regulations protect sensitive data in particular industries, such as HIPAA in healthcare or GLBA in finance. When ransomware attacks result in breaches of sensitive data, companies run the risk of violating these regulations. GLBA fines can cost up to $100,000 per violation, so the impact of non-compliance can be devastating. 

A ransomware advisory issued by the U.S. Office of Foreign Assets Control (OFAC) highlighted further potential non-compliance costs for businesses to consider. These costs extend beyond compliance fines for data breaches. According to the document, paying a ransom may result in “civil penalties for sanctions violations”. 

To summarize, ransomware attacks remain such a perilous threat to businesses because of their disparate and far-reaching costs. The cost of ransomware attacks provides sufficient motivation to ensure you have controls in place that can protect against these cyber attacks. Our Ransomware Risk Assessment provides a way to validate your controls against ransomware using external, unbiased security expertise. Contact us today. 



«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development