The Financial Impact of a Ransomware Attack
If you are hit by a ransomware attack, the financial aftermath is not about the size of the ransom itself, or whether or not you should pay the extortion demand. The most serious financial burden of a ransomware attack is the collateral damage to your revenue.
When calculating the potential damage of a cyber-attack, there is a vast amount of wide-ranging collateral damage you need to take into account.
We have compiled a list to give you just some examples of the costs to be expected from a ransomware attack that go far beyond the amount of the ransom itself.
So, how much is at stake if you are hit by ransomware?
Henrik Lind, Chief Technology Officer, B4Restore A/S
- The Ransom
First of all, experts agree: you should NOT pay the ransom. Paying the ransom only supports the cyber-criminal industry, and, most of all, many examples show that companies that paid saw the ransom raised, found that much of the recovered data was damaged by the encryption, or simply never heard back from the attacker.
So cut your losses, follow your incident response plan and start restoring your data safely.
- The Cost of Downtime
Even if you are able to restore all your data from your backup and you opt out of paying the ransom, it’s impossible to avoid business interruption losses caused by downtime. When it comes to downtime, the negative impact for many companies is counted in minutes rather than hours.
As long as your systems are down, your whole operation is paralyzed and you’re unable to service clients, sell or produce products, etc. Downtime severely impacts your revenue through lost opportunities, production shortages, service outages, etc.
- Labor Cost
In addition to the cost of downtime, you also need to consider the associated personnel cost. As long as your IT resources are struggling to restore your systems, they are unable to work within their regular scope. The same goes for most of your other employees who are dependent on access to data. The result is a backlog of work throughout your organization.
Moreover, it might be necessary to bring in extra specialist support or consulting to resolve the data issues before, during and after recovering systems, applications and databases from the downtime.
- Brand Reputation
You can restore data, but a damaged reputation is hard to fix. Brand reputation is difficult to measure, but after a ransomware attack, you can expect an impact on your brand that will definitely have a financial impact.
The damage to your company’s reputation is hard to avoid, no matter how fast and professionally you are able to resolve the ransomware issue. And remember: the public includes not only your customers, but also your employees, investors and other stakeholders.
- Legal Expenses
In some industries a data breach or data loss can result in fines. Clients can claim direct compensation and/or you might end up at risk of substantial financial problems. Also, if you process personal or sensitive data according to the EU’s GDPR regulation, you must always inform your clients immediately about the data breach.
This legal issue is also why the Danish Center for Cybersecurity has begun warning about a growing trend of cyber-criminals threatening to expose stolen data, because it is sensitive, e.g. health, financial, or other personal data.
- Data Loss
In addition to the time you need to restore data and the cost of downtime, there is also the risk of losing some data completely due to the ransomware attack. Even if you are able to restore from your backup, there is a risk that not all of your files were backed up completely or correctly.
Data loss can also be caused by decryption errors should you decide to pay the ransom and ask the attackers to restore your data to normal.
- Collateral Damage
When hit by a ransomware attack, you need to determine how the incident happened. How did the cyber-criminals gain access to your data? And was there a data breach of some sort?
You need to make sure the root cause can no longer be used by the cyber-criminals. However, even after resolving that issue and shutting the gates, there is still a risk that your company has had some credentials stolen or other security measures leaked, leading to the information being exploited in other types of attacks or in a future ransomware attack.
Hackers trade this kind of information and collaborate in a very professional and organized manner.