Shockingly, the total cost of a breach is approximately seven times higher than the actual extortion request. Using data provided by the FBI, the 2021 DBIR found the median amount of money lost due to ransomware was $11,150; however, some losses were in the million-dollar range. It’s also important to note that the average cost of remediation is calculated at $1.4 million per attack.
Interestingly, 90% of confirmed cases did not result in losses. But costs are not limited to the financial gain obtained by the bad actor; they can negatively impact your organization in many ways. For example:
- Business operation interruption
- IT overtime to remediate the incident
- Hiring of third-party forensics and investigations experts
- Legal costs
- Loss of C-level talent and employees
- Damage to brand and reputation
- Temporary business closure leading to lost sales/productivity decline
The costs of these attacks come in many forms, sometimes even in the form of human tragedy. A ransomware attack on a U.S. hospital may have resulted in the death of an infant after computer systems were taken offline for several days. And with the rise of organized crime, it’s no surprise that the U.S. Government has urged hospitals and health systems to take immediate steps to harden their networks’ cyber defenses.
According to government data, 14 out of 16 U.S. Critical National Infrastructure (CNI) sectors have been attacked in the past. Additionally, ransomware is judged by the U.K.'s cyber security agency to be the number one cyber threat for both SMBs and enterprises. Attacks on major brands grab the headlines, but according to one estimate, 82% of attacks impact organizations with under 1,000 employees. It’s important to harden your security posture no matter your size or industry, especially as the detriment of an attack outweighs the cost of protecting against ransomware.