Measuring the true cost of a ransomware attack

It’s no secret that ransomware carries a high cost for organizations. In fact, the average ransom payment is nearly $1 million. But that’s just for starters. The actual cost of a ransomware attack extends far beyond the ransom payment—it can add up to be 7 times the ransom demand. In this blog post, I we’ll explore how to calculate the true cost of a ransomware attack.

Let’s start with the most obvious cost: the ransom payment itself. Ransom demands can range anywhere from $10,000 to millions of dollars, with $70 million being the highest demand to date. In many cases, the ransom demand is calculated as a percentage of the target company’s annual revenue (typically around 3%). As far as overall costs go, experts estimate that the ransom payment adds up to only about 15% of the total cost of the ransomware attack. And the real stinger in all of it is that only one in seven organizations who pay a ransom actually get their data back.

The lion’s share of costs from a ransomware attack come from downtime and recovery. It takes an average of 22 days to get a business back up and running after a ransomware attack. In many cases, the cost of downtime can be 50 times greater than the ransom demand. The entire business must turn its focus on recovery, from the IT department recovering the data and restoring operations to the marketing department taking on crisis communications. Lost productivity and the cost of bringing in contractors to help accelerate recovery efforts add up quickly. In addition, ransomware attacks often expose vulnerabilities in an organization’s security infrastructure, which results in expensive rebuilding and implementation of new technologies to boost cybersecurity.

According to a recent IBM study, the average cost of a ransomware attack is $4.62 million (not including the actual ransom payment).

The costs of a ransomware attack can continue long after you have your data restored and your business back up and running. For some organizations, class-action lawsuits are commonplace when customers’ financial and personal data is compromised in an attack. These lawsuits can cost businesses tens of millions of dollars to settle. Reputational damage can also cause massive loss of revenue, and in extreme cases, it can result in having to close the business because customers have taken their business elsewhere.

To recover the costs of a ransomware attack, many organizations have cyberinsurance policies. Unfortunately, not all organizations qualify for a policy, and the policies don’t always cover all the costs that are associated with an attack. And after an attack is carried out on a business, the company’s insurance premiums skyrocket, adding to the ongoing cost of the attack.

To add to the bad news, after a business is successfully attacked by ransomware, the chances of them getting hit with a second attack increases. In fact, 80% of organizations that paid a ransom report being threatened a second time.

In 2021, 576 U.S. organizations were victims of ransomware. The resulting downtime alone totaled $159.4 billion. Compared with the estimated $1.3 billion paid in ransom, you can see where the real costs of ransomware attacks lie.

Check Point Research broke down the costs of ransomware for some real-life attacks.

Ransom payments are a very small portion of the trust cost of a ransomware attack. To keep costs under control, you must be able to detect an attack and to respond quickly to minimize the damage. Proper data security and data protection can help prevent attacks and can help you recover quickly and avoid the high costs of downtime and data loss.

Starting your ransomware prevention strategy now. To learn how your organization can close the gaps in cybersecurity, check out NetApp^® cyber-resilience and ransomware solutions.