Did you know?
Collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors, according to a recent analysis conducted by researchers at Check Point. This includes the financial burden imposed by the incident response effort, system restoration, legal fees, monitoring costs, and the overall impact of business disruption.
By analyzing data from public sources and several thousand cyber attacks in the database of Kovrr, a cyber-risk and cyber-insurance expert, the researchers also found that:
- The ransom demanded by threat actors is typically between 0.7% and 5% of the victim’s annual revenue, averaging around 2.82%.
- Many ransomware gangs offer discounts for fast payments, ranging between 20% and 25% if the ransom is paid within a few days.
- The overall impact of a ransomware attack on an organization’s financials is directly linked to the duration of the incident, from encryption to full system restoration.
After experiencing an attack, organizations also must maintain customer trust and safeguard their reputation, which often requires time and money that go far beyond the initial attack.
Exploiting the inevitable collateral damage
Ransomware gangs and operations understand how detrimental their attacks can be to organizations, and they use this to their advantage. They will often link the ransom payment to the collateral damage costs when negotiating with the victim, presenting payment as the more financially beneficial option.
What does this mean for me?
Organizations must take steps now to prevent these kinds of attacks from occurring in the future. While it is critically important to safeguard your organization from these types of incidents with response systems, it is far more important to take steps to keep these kinds of attacks from happening in the first place.
If you have any questions about how to safeguard your firm from these kinds of attacks, Fairview Cyber can help. We provide essential cyber and data security services like phishing prevention training, network penetration testing, vendor due diligence, and more. Contact us today for more information about our services.