How can a business critically appraise the cost of falling victim to a cyberattack? Assessing the financial impact is not straightforward, and the cost profile extends beyond the immediate pain points.
Hacking, especially in the form of ransomware, causes long-term pain and delays day-to-day operations, disrupting whatever goods or services a particular firm specialises in. It also costs additional money should a firm pay out, and brings a new round of costs should the firm wish to build up its cybersecurity defenses.
Data collated by the security firm Cloudian shows that despite a seemingly robust approach to cybersecurity education and training being in place within many firms, 65 percent of victims penetrated by phishing had actually conducted anti-phishing training.
It is perhaps, therefore, unsurprising that traditional ransomware defenses are failing, with 54 percent of all victims having anti-phishing training and 49 percent having perimeter defenses in place at the time of attack. Of the key areas of vulnerability, research finds that the public cloud was the most common point of entry for ransomware, with 31 percent of survey respondents being attacked this way.
In terms of how successful these forms of attack are, the answer appears to be ‘very’. Data reveals that 56 percent of firms have reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30 percent said this happened within 24 hours.
The attacks are devastating too. More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers and reputation. As an idea of the financial impact, the average ransom payment in 2021 was $223,000, with 14 percent of victims who provided details paying $500,000 or more.
The cost of ransomware does not stop with the pay-out, since many firms want a robust solution to prevent recurrence. Cloudian survey data finds that companies spent an average of $183,000 more on other costs resulting from an attack.
Turning to insurance to help cover these costs is not necessarily going to fill the gap. Cyber insurance covered only about 60 percent of ransomware payments and other costs, presumably reflecting deductibles and coverage caps.
Is paying out a ransom worthwhile? Not in all cases. Despite paying the ransom, only 57 percent of impacted companies reported that they got all their data back. With all these issues factored in, the cost of a ransomware incident is very high.