Cost of Ransomware Prevention Versus Recovery

by | Feb 4, 2020 | Security

Cost of Ransomware Prevention Versus Recovery

The recent news of Amazon CEO, Jeff Bezos, getting hacked is part shocker and part nonplussed. It’s a shocker because we think, “How could a tech titan get hacked with all his high tech defenses?” On the other hand, I’m not surprised because we’re all targets for cybercriminals. Some of us are trophies like Bezos; some of us are low hanging fruit for petty criminals looking for an easy score. We all need to digest that. No more apathy, ambivalence or denial. It’s time to recognize the threat, understand it, and protect ourselves because the cost of ransomware prevention vs recovery is a hell of a lot better business decision.

If you still need convincing, here are some facts to chew on:

Cost of Ransomware Prevention Versus Recovery

  • The average cost of a Ransomware attack for a small business as of January 2020 is $84,000. Do a quick calculation of that hit to last year’s bottom line. The costs are a result of lost productivity, lost revenue and professional services to clean it up.

 

  • Every 14 seconds a different business is a victim of a Ransomware attack. Imagine in the time it takes to walk down the hall to your CFO’s office, a peer company is infected. that’s great if it is a competitor. Not so much if it one of your suppliers or a client.

 

  • 1.5 million NEW phishing sites are created every month. That’s NEW phishing sites that one of your employees visits, clicks an innocuous button, downloads a file, and infects your technology backbone.

 

  • 90% of all financial firms have experienced ransomware in the past year. This is a staggering statistic that includes big AND small. Do you really still think it cannot happen to you?

 

  • 69% of organizations that suffered an incident reported an adverse effect on their revenue. This shouldn’t be a surprise to anyone knowing that being a victim of a ransomware attack will cost you money for remediation, but are you prepared to lose revenue as well? What about the hit to your future revenue-generating ability tied to your brand reputation.

 

  • 67% reported a hit to their company’s reputation. NO ONE wants to have their good name sullied. Remember the double gotcha phrase, “Do you still beat your wife?” Would rather spend your time building your reputation or repairing it?! Be prepared to buy your ticket on the PR train if you are hit with ransomware.

 

  • 34% of small businesses hit with ransomware took a week or more to regain access to their data. Yikes, that is painful. Look at your own business and think about not having access to your data for weeks. Seriously, take the time right now and think about it…This about the lost productivity of your employees. Think about calling your best customers and telling them why their orders or services couldn’t be fulfilled.

 

  • Small business has a 45% chance of having a ransomware attack. It is MUCH more lucrative for a ransomware hacker to go after a host of small businesses rather than spend the same amount of time going after a larger firm. Hackers know that they can make up in volume what they lose in a ransom amount. Who do you think they will spend the time trying to hack? Large harden trophy targets or fruit displayed on the sidewalk of a Mainstreet store?

 

  • 50% of victims suffer a second attack within 6 months. This is a sad statistic because it is so easily avoided. Too many companies try to do recovery on the cheap. They try to save money, time, and effort to make sure the ransomware hackers are gone from their network. hackers prey on laziness and apathy.  Hackers just wait out victims’ feeble efforts and, then, infect them again months later. More easy money.

 

  • 50% of small businesses feel they are not prepared to handle a Ransomware attack.  I’m frankly surprised this is not a higher percentage given the dynamic nature attacks. Do you think you’re prepared? How would you know what prepared looked like? What was prepared last month will not be the same as being prepared this month. Hackers love the cat-and-mouse game of attacks. The game never ends. Being prepared means continuous diligence in making your company more difficult to penetrate than the guy next door.

 

  • The annual cost to proactively protect your company from a ransomware attack is $7,140 (based on a 40 user company). Is it worth about $600 bucks a month to highly protect your organization from a week of operational downtime, brand destroying reputation hits, and customer dissatisfaction caused by hackers and ransomware?

 

Do the math for yourself. If these statistics don’t worry you and you have money to burn, at least set aside $84,000 for future recovery efforts or have a line of credit ready. You may need it. If you don’t, pay your productive employees a bonus! If the statistics do worry you, run your own math, make prevention and recovery plans, and execute it to harden your defenses. The returns will be one of your smartest business investments.

 

“Every morning in Africa, a gazelle wakes up, it knows it must outrun the fastest lion or it will be killed. Every morning in Africa, a lion wakes up. It knows it must run faster than the slowest gazelle, or it will starve. It doesn’t matter whether you’re the lion or a gazelle-when the sun comes up, you’d better be running.”

― Christopher McDougall

 

Take the first step to preventing a ransomware attack on your organization

To help protect yourself, start thinking like a hacker. Hackers are opportunistic and look for easy targets. They use a host of free tools to easily identify new targets to hit. (i.e. companies that do not have even basic security in place).

DOWNLOAD our Ransomware Best Practices Checklist and take the simple steps to protect your data, keep your employees productive, and keep your enterprise up and running. The more cybersecurity protection layers you have in place the harder a target you are so the chances of being hacked are much lower since it will take too much effort.

 

John Ahlberg, CEO, Waident Technology Solutions

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

Related posts

IT Support is NOT IT Security

IT Support is NOT IT Security

I hear all too often from business leaders who think their IT Support team and their Security team are synonymous. They just assume that Support addresses all of their security needs by default. After all, the IT Support gang has been managing the anti-virus software...

Recovering from Cyber Risks in SMBs Using the NIST Framework

Recovering from Cyber Risks in SMBs Using the NIST Framework

A ransomware attack happens every 11 seconds. In 40% of companies that get hacked, the same organization is hit again within 9 months. I don't share that to scare you (Although, it should get your attention.) It happens because companies think they have addressed and...

Responding to Cyber Risks in SMBs Using the NIST Framework

Responding to Cyber Risks in SMBs Using the NIST Framework

Prudent business leaders and risk managers understand that identifying, protecting against, and detecting risks are necessary, albeit fallible, actions to mitigate a complex world full of risks. As we have seen from prior posts, cost, time, and resource tradeoffs...

Share This