Ransomware Protection Cost: A Necessary Investment in Today’s Digital Age

It should come as no surprise to cybersecurity professionals: ransomware attacks and the costs associated with ransomware protection continue to rise year-over-year. Whether you’re protecting your corporate employer or your MSP, the statistics and protection methodology are the same. 

Ransomware attacks have been increasing in recent years, and 2023 is no different: the average ransomware demand in 2023 is $1.5 million and the global cost is expected to exceed $30 billion. To add insult to injury, more than 80% of victims who pay a ransom will be attacked again, which only serves to inflate those numbers even further.

In addition to the actual ransom payment, businesses also incur the costs associated with recovering from a ransomware attack. According to a 2023 study by Sophos, excluding any ransom paid, the estimated mean recovery cost is $1.82 million, a 30% increase from 2022.

Despite the clear rise in ransomware attacks, 50% of organizations are still not investing in cybersecurity, with smaller companies being the least likely to have a security plan in place. A recent study from Tech.co reports that less than 30% of small businesses named cybersecurity as a priority.

Of equal concern is the trend showing organizations are using backups as a ransomware recovery method at a lower rate than they have in previous years – only 70% of respondents used backups to recover data in 2023, down from 73% in 2022.

The Rising Threat of Ransomware

As past trends have shown, ransomware attacks are continuing to rise. With the increasing sophistication of ransomware operator techniques, methods of delivery, and access to collaborative networking platforms on the Dark Web, malware attacks are all but certain to become more prevalent and severe.

Prevalence and Impact of Ransomware Attacks

Bad actors that operate via ransomware attacks are becoming more savvy, with some even becoming successful entrepreneurs, building cash cows like Ransomware-as-a-Service platforms and running lucrative extortion rackets.

They are also shrewd opportunists who take advantage of national and global crises. Risk analysis firm Marsh states ransomware attacks increased by 148% during the global COVID-19 pandemic.  

Ransomware can infect an organization via a variety of attack vectors. In Sophos’ State of Ransomware 2023 report, respondents reported that common root causes include:

  • Exploited vulnerabilities (36%)
  • Compromised credentials (29%)
  • Emails – malicious and phishing (30%)

It doesn’t take much searching to find numbing real-world examples of ransomware attacks – digitalguardian.com has posted a comprehensive list of ransomware attacks over the past year worth reading.

The Evolving Nature of Ransomware Threats

One of the reasons ransomware continues to be an effective form of malware is its constant evolution.

In nascent stages, ransomware attackers used specialized malware to infiltrate companies’ physical and virtual firewalls, encrypt critical files and sensitive data, and then demand payment for a key to decrypt the encrypted data.

As bad actors have evolved their techniques, new, sophisticated ransomware attacks have given rise to multi-extortion exploits.

Now, not only are hackers encrypting data and demanding a ransom to unlock it, they are also exfiltrating, stealing, and/or copying a company’s files. This technique tightens the screws on victims who are reluctant to pay the ransomware demands, as hackers can threaten to leak or resell the stolen data, allowing them to extort more money from organizations whose professional reputations could be threatened or who want to avoid leaking sensitive information.

The most sophisticated ransomware gangs are also leveraging triple extortion attacks, in which they threaten or carry out a Distributed Denial-of-Service (DDoS) attack. In DDoS attacks, network servers are flooded with internet traffic that, at the very least, disrupts access to services and, at worst, takes a website completely offline.

Ransomware Protection Requires a Multi-Pronged Approach

To respond effectively to and remediate a successful ransomware attack, organizations should be investing in traditional ransomware prevention solutions, as well as robust business continuity and disaster recovery (BCDR) services. While the best offense is a good defense (in this case, preventing the attack from happening in the first place), having a BCDR solution in place can make it easier to restore infected data and keep a business running in the wake of a successful attack.

Prong 1: Cyber Awareness, Data Security, and Continuing Education

The best place to start with ransomware protection is with the number one attack vector: people. A good portion of ransomware attacks find a foothold because of simple human error, like reusing passwords between websites or inadvertently interacting with a phishing scam.

54% of MSPs surveyed by Axcient said spam and phishing attacks were the most common ransomware delivery methods. But not all attacks rely on emails. Text messages, phone calls, and software updates are delivery techniques consistently used to kickstart phishing scams. Bad actors employ social engineering tactics, sometimes called human hacking, to manipulate unsuspecting victims and appeal to their basic human instincts, like curiosity, greed, fear, and the desire to be helpful.

That’s why ongoing cybersecurity training focusing on items such as cyber awareness, password hygiene, and data security policies is a critical first step in ransomware prevention. All employees at a company should be required to complete regular, role-based cybersecurity training, regardless of seniority. A C-suite exec is just as likely to fall victim to an exploit as an entry-level employee if they aren’t practicing cyber awareness.

Cultivating a cybersecurity-focused culture that consciously practices good cyber hygiene is the natural next step after implementing ongoing education. A security culture focuses on the need for people, not just technology and processes, to put security first in their everyday work.

Prong 2: Proactive Threat Intelligence

The work done by cybersecurity teams – both in-house and third-party managed security service providers (MSSPs) – provides a more active approach to preventing a ransomware attack in the first place.

Security teams use threat analysis to safeguard a company’s critical files and operating system and protect against attacks from sometimes relentless malicious activity by bad actors. Threat intelligence involves continuous network and file monitoring for anomalous behavior and suspicious activities to predict the possibility of a data breach.

Threat intelligence, sometimes called “cyber threat hunting,” is a specialized branch of cybersecurity. This proactive approach to cybersecurity can prevent ransomware by predicting and mitigating ransomware threats, cyberattacks, and other threats. It collects information about ransomware groups, their tactics, and their targets. Professional human threat hunters use proactive measures – like contextually aware, human-powered manual analysis – to find cyberattacks before they can get started.
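The "continuous file monitoring for anomalous behavior" mentioned above is easiest to understand as code. The following is an added example written for this article, not Axcient's code or any product's detection logic: a small file activity monitor run over a constructed event log. The event format (timestamp, user, action, path, optional new path), the thresholds and the ransom-note keyword heuristic are all assumptions chosen for illustration. It flags the two behaviours defenders most commonly key on: a burst of renames that change file extensions, and a newly created text file whose name reads like a ransom note.

```python
"""File activity monitoring heuristics over a constructed sample log.

Added example for this article; not Axcient's or x360Recover's code.
Event format, thresholds and keyword list are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PurePosixPath
from typing import List, Optional

# Constructed sample log: normal edits in the morning, then one account
# renaming many files to a new extension and dropping a note within seconds.
SAMPLE_EVENTS = """\
2023-06-01T09:00:01 alice MODIFY /srv/share/finance/q2.xlsx
2023-06-01T09:05:10 alice CREATE /srv/share/finance/notes.txt
2023-06-01T09:20:00 bob MODIFY /srv/share/hr/handbook.docx
2023-06-01T13:00:00 bob RENAME /srv/share/hr/handbook.docx /srv/share/hr/handbook.docx.locked
2023-06-01T13:00:01 bob RENAME /srv/share/hr/payroll.xlsx /srv/share/hr/payroll.xlsx.locked
2023-06-01T13:00:02 bob RENAME /srv/share/hr/reviews.docx /srv/share/hr/reviews.docx.locked
2023-06-01T13:00:03 bob RENAME /srv/share/hr/offers.pdf /srv/share/hr/offers.pdf.locked
2023-06-01T13:00:04 bob RENAME /srv/share/hr/org.pptx /srv/share/hr/org.pptx.locked
2023-06-01T13:00:06 bob CREATE /srv/share/hr/README_TO_RESTORE.txt
"""

RENAME_BURST_THRESHOLD = 5            # assumed: extension-changing renames per window
BURST_WINDOW = timedelta(seconds=60)  # assumed sliding window per user
NOTE_KEYWORDS = ("restore", "decrypt", "recover", "readme")  # assumed heuristic


@dataclass
class Event:
    ts: datetime
    user: str
    action: str
    path: str
    new_path: Optional[str] = None


def parse_events(text: str) -> List[Event]:
    """Parse the whitespace-separated constructed format; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        new_path = parts[4] if len(parts) > 4 else None
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], new_path))
    return events


def extension_changed(ev: Event) -> bool:
    """True for a rename that gives the file a different suffix (e.g. .docx -> .locked)."""
    if ev.action != "RENAME" or ev.new_path is None:
        return False
    return PurePosixPath(ev.path).suffix != PurePosixPath(ev.new_path).suffix


def looks_like_ransom_note(path: str) -> bool:
    """A newly created .txt whose name contains two or more note-like keywords."""
    name = PurePosixPath(path).name.lower()
    return name.endswith(".txt") and sum(k in name for k in NOTE_KEYWORDS) >= 2


def detect(events: List[Event]) -> List[str]:
    """Return human-readable alerts; one burst alert per user, one per note."""
    alerts = []
    window_by_user = defaultdict(list)
    burst_reported = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if extension_changed(ev):
            window = window_by_user[ev.user]
            window.append(ev)
            # Drop events that have aged out of the sliding window.
            while window and ev.ts - window[0].ts > BURST_WINDOW:
                window.pop(0)
            if len(window) >= RENAME_BURST_THRESHOLD and ev.user not in burst_reported:
                exts = sorted({PurePosixPath(e.new_path).suffix for e in window})
                alerts.append(f"rename burst: {ev.user} changed {len(window)} extensions "
                              f"to {exts} within {BURST_WINDOW.seconds}s")
                burst_reported.add(ev.user)
        if ev.action == "CREATE" and looks_like_ransom_note(ev.path):
            alerts.append(f"possible ransom note: {ev.user} created {ev.path}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Either signal on its own is noisy (an archive job renames files too; users do create README files), which is why production tooling correlates them with the account, share and time of day and why a burst threshold is tuned per environment rather than fixed as here.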

Prong 3: Advanced Ransomware and Disaster Recovery Solutions

Despite organizations’ best attempts at educating employees and proactive threat intelligence, ransomware attacks will still happen. In fact, as of 2023, 72% of businesses worldwide are affected by ransomware.

In the event that a ransomware attack is successfully executed, it is critical that organizations have anti-ransomware strategies already in place, including regular data backups, an external communication plan, and a plan for business continuity and disaster recovery, if they wish to recover in a timely manner.

Having a backup and disaster recovery solution in place before a cyber attack is the fastest and cheapest way to recover data after being taken down by ransomware. 45% of companies that use backups are able to recover their data within a week, and organizations that use backups to recover from an attack incurred about half the recovery cost of companies that did not use backups.

While some companies do choose to pay the ransom as well as recover their data using their backup and disaster recovery solutions, the advantages of having backups in place and using them when needed are abundantly clear.
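A backup only counts as ransomware protection if it is recent enough, still intact, and actually restorable, and those three properties can be checked automatically before an incident. The block below is an added example for this article, not Axcient's or x360Recover's code; the on-disk layout (a timestamped copy plus a JSON hash manifest), the 24-hour RPO and the constructed production files are all assumptions. It takes a backup, simulates ransomware overwriting a production file, then proves the backup is within the RPO, matches its manifest, and restores the file to its original hash.

```python
"""Backup freshness, integrity and restore-test check on constructed data.

Added example for this article; not Axcient's or x360Recover's code.
Layout, manifest format and the RPO value are assumptions for illustration.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

RPO = timedelta(hours=24)  # assumed recovery point objective


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_backup(source: Path, backup_root: Path, taken_at: datetime) -> Path:
    """Copy the source tree into a timestamped directory and record file hashes."""
    dest = backup_root / taken_at.strftime("%Y%m%dT%H%M%SZ")
    shutil.copytree(source, dest / "data")
    files = {str(p.relative_to(dest / "data")): sha256_of(p)
             for p in (dest / "data").rglob("*") if p.is_file()}
    manifest = {"taken_at": taken_at.isoformat(), "files": files}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify_backup(backup: Path, now: datetime) -> dict:
    """Check age against the RPO and every file against its recorded hash."""
    manifest = json.loads((backup / "manifest.json").read_text())
    taken_at = datetime.fromisoformat(manifest["taken_at"])
    mismatched = [rel for rel, digest in manifest["files"].items()
                  if not (backup / "data" / rel).is_file()
                  or sha256_of(backup / "data" / rel) != digest]
    return {"within_rpo": now - taken_at <= RPO,
            "mismatched": mismatched,
            "file_count": len(manifest["files"])}


def restore_file(backup: Path, rel: str, target_dir: Path) -> bool:
    """Restore one file to a scratch directory and confirm it matches the manifest."""
    manifest = json.loads((backup / "manifest.json").read_text())
    out = target_dir / rel
    out.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(backup / "data" / rel, out)
    return sha256_of(out) == manifest["files"][rel]


def demo() -> dict:
    """Constructed scenario: back up two files, overwrite one in production
    the way an encryptor would, then verify the backup and restore the file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prod = root / "prod"
        (prod / "contracts").mkdir(parents=True)
        (prod / "ledger.csv").write_text("date,amount\n2023-06-01,100\n")
        (prod / "contracts" / "a.txt").write_text("signed")

        t0 = datetime(2023, 6, 1, 2, 0, tzinfo=timezone.utc)
        backup = take_backup(prod, root / "backups", t0)
        original_hash = sha256_of(prod / "ledger.csv")

        # Simulated ransomware: the production copy is replaced with garbage.
        (prod / "ledger.csv").write_bytes(b"\x00\x11\x22\x33 not the ledger")

        report = verify_backup(backup, now=t0 + timedelta(hours=6))
        restored_ok = restore_file(backup, "ledger.csv", root / "restore")
        stale = not verify_backup(backup, now=t0 + timedelta(hours=30))["within_rpo"]
        return {
            "within_rpo": report["within_rpo"],
            "intact": not report["mismatched"],
            "file_count": report["file_count"],
            "restored_ok": restored_ok,
            "matches_original": sha256_of(root / "restore" / "ledger.csv") == original_hash,
            "stale_after_30h": stale,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is what turns a copy into evidence: without recorded hashes there is no way to tell a good backup from one the attacker reached. In practice the manifest and the backup itself belong on storage the production credentials cannot modify, and the restore test should be scheduled, not run by hand after the incident.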

Cost of Ransomware Protection

How much does ransomware protection cost? The short answer is less than most ransom demands. With the average ransomware demand now over $1 million, prudent organizations will invest in ransomware protection, saving money in the long-run.

Ransomware Protection Costs

It is difficult to estimate ransomware protection costs because so many variables are unique for different companies. The first cardinal rule when estimating is to assume your business will be breached.

Security professionals should ideally carry out a ransomware protection cost analysis. There are tools available that can help businesses calculate a ballpark figure for the cost of preventing cyber attacks. And the Cybersecurity and Infrastructure Security Agency (CISA) has many free ransomware prevention resources.

In general, factors that can influence ransomware protection cost include:

  • Size of an organization and number of employees
  • Number of devices that need protection
  • Type of data that needs protecting
  • Tolerance for disruption, downtime, and lost productivity (guaranteeing SLAs for a quicker recovery time objective (RTO) and recovery point objective (RPO) can be costly, depending on the solution)
  • Insurance coverage needed
  • Business continuity and disaster recovery vendor or solution

Ransomware protection doesn’t have to be prohibitively expensive. Many effective practices are cost-effective, like employee education, two-factor authentication, and open-source security tools useful for smaller businesses to easily identify known vulnerabilities.

Recovery Costs after a Ransomware Attack

As mentioned previously, the ransom demand is not the only cost that is associated with recovering from a ransomware attack. Recovery costs often include:

  • Recovery and remediation processes
  • The cost of lost data and downtime
  • Legal fees
  • Customer notifications
  • File activity monitoring (FAM) tools to continuously monitor for suspicious activity
  • Risk assessments and additional data security measures after an attack to plug defense gaps

Additionally, there are several non-monetary factors that businesses don’t always take into consideration when doing cost assessments, including:

  • Loss of trust
  • Brand and reputational damage
  • The effect of ransomware attacks on employee and customer morale
  • Threat to competitiveness

Cybersecurity Insurance Costs

Another form of ransomware protection that many companies opt for is cybersecurity insurance. This type of insurance provides first-party coverage for data losses associated with cyberattacks, such as ransomware. Formal insurance covers financial losses – including ransom payments, legal fees, the cost of restoring data, professional advice, and business interruptions – incurred due to a ransomware attack. 

Monetary protection is not the only benefit that cybersecurity insurance provides organizations. Many insurance companies enforce practices that improve the insured company’s security posture, thus making it less susceptible to cyberattacks.

It is not just large, financially secure enterprises that need cybersecurity insurance. According to Gartner, in 2022, up to 82 percent of small businesses and up to 90 percent of medium-sized enterprises were targeted by ransomware. It is these businesses that benefit most from cybersecurity insurance, as they often do not have the necessary cash to pay out a high ransom.

How much ransomware insurance costs depends on several factors, like the size of the business, how sensitive the data being protected is, and the country in which the business is located. Ballpark figure: according to AdvisorSmith, in 2021, the average cost of cyber insurance was $1,589 per year.

MSPs need to include insurance, backups, and incident response policies in their ransomware protection plans. Axcient’s x360Recover has a built-in shield from ransomware attacks and automated reports that show insurance companies how an MSP complies with current security regulations.

Conclusion

There is some good news. While ransomware statistics can possibly be a little misleading, such attacks may be on the decline as MSPs are becoming more vigilant.

Two of the reasons for this are 1) ransomware protection and recovery solutions match the sophistication of hackers’ attack methods, and 2) there has been a wider adoption of cyber insurance policies. In addition, attackers have moved from the extortion of individuals and SMBs to the extortion of education and government institutions and mission-critical industries like healthcare.

While it is true that many ransomware victims pay attackers’ demands, according to cyber extortion specialists Coveware, there has been a decline in the share of victims paying ransom demands.

Because paying a ransom is no guarantee attackers will hand over a decryption key or not leak personal information, many organizations are turning to other ransomware protection solutions, from traditional backups to more advanced BCDR.

Additionally, there have been whispers that the US government might be considering an outright ban on ransom payments. This means businesses have to turn to the ransomware protection methods mentioned in this article to recover their data, rather than pay the ransom and hope for the best.
