Ransomware

Survey: Ransomware costs go beyond the payment

Only 11% of survey respondents considered ransomware payments to be the most consequential impact of an attack.

You’d think that the payment would be the most significant aspect of a ransomware attack—especially given that the average paid ransom in 2021 was just over $800,000.

And, hey, ransom’s in the name…

But a survey of 300 ransomware victims discovered that other factors hit harder than the ransom: lost productivity, increased downtime, and ruined reputations. The GetApp poll found that, among respondent companies that paid up, only 11% considered the sum to be the most consequential impact—a fact that didn’t surprise incident-response professionals who spoke with IT Brew.

The “easy” part. A ransomware response has financial costs: You’ll likely need to pay your recovery team of security providers, outside counsel, and negotiations specialists.

“Sometimes, the payment’s the easiest thing to do, if it’s possible from a legal perspective, because the other costs for that whole ecosystem may outweigh what the bad actor is asking for, in terms of a payment,” said Jess Burn, senior analyst at Forrester.

Paying up in downtime. Of the companies surveyed by GetApp that did not pay a ransom, 34% still incurred damages above $50,000, including costs such as device replacement and downtime.

“The extortion is maybe 10% of the overall costs,” said Dave Wong, VP at Mandiant, citing legal fees, data recovery, and productivity loss.

“The financial aspect of it doesn’t even describe how impactful it is for most organizations, because it’s very disruptive. You’re running a business, and then all of the sudden, a lot of things stop,” Wong told IT Brew.

Over 37% of victims said productivity loss is the most consequential impact of a ransomware attack—a finding that rings true with Roman Shain, solutions architect at Nero Consulting.

“Even restoring from backup takes time…almost half a day, sometimes an hour or two, a couple of hours, where [employees] are just sitting there. Employees have been paid to do nothing,” Shain told IT Brew. “And we are here just praying to the IT gods the backups complete in time.”

Practice run. The companies perhaps best positioned to handle all of ransomware’s costs have undergone continuity planning.

“What folks need to do is not just have [their] incident response provider on speed dial, but… work with them and work with…outside counsel…rehearsing as realistic a scenario as possible, specifically for ransomware, where you have to get to that payment moment,” said Burn.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.
