Ransomware recovery can be costly, and not just because of the ransom
August 18, 2021 at 11:30 AM EDT
Ransomware is rarely out of the headlines. Just last week, IT consulting giant Accenture was hit by the LockBit ransomware gang, days after Taiwan-based laptop maker Gigabyte also fell victim to an apparent ransomware attack, leading the hackers to leak gigabytes of confidential AMD and Intel data.
Unsurprisingly, ransomware, which has rocketed in activity during the pandemic, remains among the most costly threats to businesses, with large U.S. companies losing an average of $5.66 million each year to ransomware. But new findings show that is not for the reason you might think.
While we often hear of multimillion-dollar ransoms demanded by hackers, research from Proofpoint and the Ponemon Institute found that ransom payments typically account for less than 20% of the total cost of a ransomware attack. Of that $5.66 million annual figure, just $790,000 goes to ransom payments. Rather, the research shows businesses suffer the majority of their losses through lost productivity and the time-consuming task of containing and cleaning up after a ransomware attack.
Proofpoint says that the remediation process for an average-sized organization takes 32,258 hours on average, which when multiplied by the average $63.50 IT hourly wage totals more than $2 million. Downtime and lost productivity are another costly consequence of ransomware attacks; the research shows that phishing attacks, for example, which were determined to be the root cause of almost one-fifth of ransomware attacks last year, have led to employee productivity losses of $3.2 million in 2021, up from $1.8 million in 2015.
“In the wake of a ransomware attack, communication and interaction between employees and any affected external parties must increase massively, causing many teams to have to drop all existing work as part of their ‘day job’ immediately and focus on this urgent matter, for potentially days, weeks or even months,” Proofpoint’s Andrew Rose told TechCrunch.
“They automatically face more scrutiny from customers and regulators, and have to increase reliance on third parties. This may include a significant increase in external audits by customers and regulators, which again increases workload cost. There’s also the potential of regulatory fines, or class action lawsuits from customers,” said Rose.
This isn’t all businesses have to contend with from a financial point of view; organizations hit by ransomware are also likely to face an increase in cyber insurance costs, hefty IT expenditure and likely will have to cough up for PR teams, legal staff, customer services and external specialists. There’s also the brand and reputational fallout from such attacks: recent research from Cybereason shows that more than half of U.S. companies reported their brand was tarnished as a result of a ransomware attack.
“For public organizations, there is also the potential for the share price to fall,” Rose adds. “Customers can also lose trust in a business once they know their data may have been at risk, which may in turn cause them to jump ship to a competitor, costing revenue.”