October is Cybersecurity Awareness Month! All month long, we’ll be exploring cybersecurity-related topics to help you (and your data) stay safe online.
Click to learn more about author Mike Phelan.
A new day, a new cyberattack. That’s the reality of contemporary business. Check the headlines and you’re bound to find coverage of breaches and demands for ransom. Losses aren’t limited by industry or sector. The FBI recently warned the food and agriculture sector about the growing risk of ransomware attacks and financial losses. Even cyber insurers have been attacked.
Last year alone, the FBI’s Internet Crime Complaint Center (IC3) “received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million.” In the coming decade, global damage from ransomware may grow in excess of $265 billion.
What’s often missing from the coverage is a deeper look at the many ways these cyberattacks impact organizations – how those costs actually add up. Some costs related to cyberattacks seem obvious, but many others are below the surface. Consider these as part of your overall financial assessment of the value of investing in and solidifying your cyber recovery (CR) strategy.
Upfront Ransom Costs
The most obvious financial impact of some cyberattacks – ransom attacks – is the ransom itself. Ransom amounts can be quite high (such as the $4.4 million paid by Colonial Pipeline). The average ransom paid, according to research released by Sophos, is $171,404, but the average cost to remediate a ransomware attack is far higher: $1.85 million, thanks to downtime, losses, and additional costs.
Paying ransom isn’t a guarantee that data will be returned. According to the same Sophos report, “only 8% of organizations managed to get back all of their data after paying a ransom.” This highlights the need to have an immutable copy of data stored as a part of your cyber recovery plan, ensuring that you can get back online should your data be damaged.
Repercussions of Downtime
The average downtime caused by a ransomware attack is 23 days as of Q2 2021, as found by Coveware. This represents the “amount of time that the impacted organization experienced some amount of material interruption as a result of the attack.” Business interruptions of any kind or duration aren’t only disruptive to workflows for staff across the enterprise, but can create direct losses and can require costly additional resources, such as:
- Missed sales: Simply put, when customers can’t do business with you, you can’t close the sale.
- Productivity losses: These begin when your staff and community can’t complete tasks, thanks to data being inaccessible. Productivity losses can compound as an organization falls behind in its productivity goals and has new catch-up work to complete. Losses can create immediate disruptions for anyone who relies on your network, as was the case at Howard University at the beginning of September, when classes were cancelled to address issues caused by a ransomware attack, making that school one of the nearly 4,000 impacted by such attacks since 2018.
- Increased time and attention required to restore your data: This can be particularly challenging and time-consuming if the ransomware attack compromised your backups and disaster recovery solutions.
- Investigation into the attack: Recovering from a cyberattack requires additional resources to address issues including the root cause or source of the security vulnerability, coordination with law enforcement, and/or handling the complexities of a possible claim with your insurance carrier (if you have cyber insurance coverage).
The individuals whose information is compromised during a data breach are often the same consumers who will make decisions about whether or not they want to continue doing business with a brand. Consider the more than 54 million individuals whose information was exposed in a breach of T-Mobile, revealed this summer – and the patients whose protected health information (PHI) was exposed, as recently happened in California.
The trustworthiness of a brand, built over years or decades, can be harmed overnight. After events like these – and so many others – customers often reevaluate how comfortable they are doing business with the impacted brands. A cyberattack may even negatively impact stock prices of publicly traded companies. The severity (percentage drop in share price) and duration of such an impact may vary significantly, based on a variety of factors, including the type of the attack.
Additionally, if intellectual property (IP) is leaked or stolen as part of an attack, it “could mean forfeiture of first-to-market advantage, loss of profitability, or – in the worst case – losing entire lines of business to competitors or counterfeiters,” as described by Deloitte. In such circumstances, cyberattacks may also sabotage an organization’s ability to innovate and take the steps that might be needed to strengthen its reputation.