When we think of Ransomware, we don’t think of all the costs of this rapidly growing plague. The global cost of Ransomware payments is in the BILLIONS, an FBI report says that in 2023 approximately $12.5 billion was paid out, and that is just what victims had to pay who reported it! The number is predicted to grow by double digit percentages year over year. What is the actual cost of Ransomware though?
When we think about the real cost to businesses, we need to consider all the costs. The ransom is just the tip of the iceberg. There are all the subsequent financial costs nobody thinks about, and that’s not including the interruption to your business continuity. Let’s talk about this in steps, post hack.
Once the panic has slowed and you realize you must do something, who do you call, how do you move forward, what is the process, your first call should be the local authorities. Hopefully you can call your Cyber-Insurer and get the advice you need, or your service provider. You will likely be directed to a ransomware negotiator, or a company that handles all the post hack processes.
Step 1: Negotiation with the hacker and payment of the ransom, so that hopefully they don’t release your data on the dark web. This amount will vary but no matter how big or small the company it will be an amount hopefully you are covered by you Cyber-Insurance for, otherwise it’s coming right out of your bottom line.
Step 2: Recovery and getting back to business, if you are one of the lucky ones who has done everything right or are working with a service provider that has, you may be able to get back up and ‘functional’ within days. But then when you think of the huge victims like hospitals, government organizations, etc. that have taken months to get back to somewhat normal what is the dollar figure you put on that?
Step 3: The forensic investigation that will be necessary to discover just how much data has been exfiltrated, how did the hackers get in, how long were they in there, etc. This is not only extensive but very expensive and takes a lot of time and resource from your business and it can take months to get the final analysis.
Step 4: Now you start thinking of all the parts you may have not had in place before the hack. Not just antivirus software but all the pieces of the security fabric you didn’t have in place that allowed the hacker in to begin with. These are hard costs that you are now going to need to be put in place because now you are at the top of the hackers list to come hit again. The list of security processes and products is long and each piece costs but is the most valuable piece of your corporate infrastructure.
By now your head is spinning and you are wondering will this nightmare ever end? There is no answer to that question unfortunaley, you can only do as much as possible to prevent another attack.
