So how much does a ransomware attack actually cost? Can we calculate the full cost of a ransomware attack on businesses over both the short and the long term?
It turns out we can! Paul Furtado, a senior director and analyst of MSE security at Gartner, led a session at Gartner’s Security & Risk Management Summit. The session, entitled “Fighting Ransomware in Midsize Enterprises,” explored the costs of a ransomware attack in detail. According to Furtado and Coveware, the average cost of a ransomware attack payment by a midsized business in Q1 2020 was $178,254. That represents a significant cost for a substantial portion of businesses.
However, that number only scratches the surface of the true cost. First, you have to factor in the downtime that results from a ransomware attack. Any amount of downtime can damage your business workflows and profits, and thus it can multiply the costs by five to ten times. This makes the current total between $891,270 and $1,782,540.
Worse, these only represent the tangible costs we can accurately predict in the fallout of a ransomware attack. For example, your industry may come with its own legally binding compliance mandates which enforce fees in the wake of a data breach. Also, Furtado notes that data affected by ransomware could end up damaged: “Think of a database where somebody may have records open or a file in use. They’re going to encrypt that data, even though it’s not necessarily sitting at rest and may be sitting in transit. But the chances are when you go to decrypt it, it’s corrupted.”
Corrupted data represents a significant cost in human work hours and money to recover or to replace (if it can be replaced at all).
Learn more about defending against ransomware in our Endpoint Security Buyer’s Guide.
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021