Ransomware Attacks are on the Rise — and so is Their Cost

Every year, industry leaders strategize on how to stay one step ahead of cybercrime. But as widespread digital transformation, cloud adoption, and remote work initiatives take hold, today’s organizations (large and small) are encountering a drastic spike in ransomware activity – with bad actors employing new and sophisticated tactics that capitalize on businesses who are in a state of change. For IT leaders, it’s never been more important to safeguard their assets to avoid the material and financial impact of ransomware.

Costs are steep

Historically, organizations in more highly regulated industries (like healthcare, energy, financial services, etc…) have been the target of attack and incurred the highest data breach costs.1 However, in today’s market, businesses of all sizes, no matter the industry, are now being targeted. In fact, 46% of SMBs have been victims of ransomware attacks.2 So, what’s the financial impact of a successful attack? Prices are going up, and it’s costing companies in a big way.

• High payouts: The more valuable the data, the higher the price tag. By design, bad actors target vital data that businesses rely on to survive, often backing victims into a corner and forcing them to pay a lofty ransom. Today, the average successful ransomware payout costs $4.44 million.3 In some instances, meeting a ransom doesn’t always ensure access, as bad actors can still refuse to decrypt data even after ransoms are paid in full. And to make things even more complicated, negotiating or paying ransoms with sanctioned organizations could incur fines additional fines levied by the US Government.
• Costly downtimes: Business disruptions of any kind are expensive. And in today’s digital centric world, successful attacks can grind operations to a halt and leave users without access to critical business, customer, and operational data. The average downtime due to a ransomware attack is 19 days4, costing businesses roughly $300,000 per hour according to Gartner downtime estimates.5
• Reputation damage: And it’s not just monetary harm. Even after surviving a ransomware attack, a company’s reputation can be irretrievably tarnished. Customers and investors can take on a negative view of the brand and raise doubts about its ability to protect clients and their data. This can trigger a ripple-effect that has led countless profitable businesses to permanently shut their doors in the fallout of a successful attack.

It’s here to stay

With a new attack expected every 11 seconds in 2021, ransomware is quickly trending in the wrong direction (and with no indication of slowing down).6 Experts estimate that many bad actors are upping the ante to take advantage of the uncertainty surrounding COVID-19. With organizations aggressively shifting to remote workforce models, new entry points are surfacing across systems, SaaS applications, and endpoints. Unfortunately, this disruption has amplified malicious efforts, as cybercriminals double down to target today’s businesses.

Help has arrived

Sometimes, the best offense is a good defense. With the proper data protection strategies in place, organizations can mitigate the risk of successful ransomware attacks and instill high levels of business continuity. Industry experts recommend employing a dedicated, third-party solution that stores data outside of bad actors’ reach and provides robust tools for data recovery. SaaS-delivered solutions can also provide an additional layer of security – operating in a separate security domain outside of customer environments. Look for solutions that offer:

• Virtual air-gapped storage, to isolate data backups from source environments and maintain pristine data copies for recovery
• Rapid recovery options, via granular search and flexible restore options
• AI-powered anomaly detection, to alert users to abnormal file access patterns and potential ransomware activity
• Enterprise-grade security protocols, with zero-trust access controls
• Built-in compression and deduplication, optimized for high performance

About Metallic

1. https://www.ibm.com/security/data-breach
2. Infrascale 2020. “Infrascale Survey Reveals Close to Half of SMBs Have Been Ransomware Attack Targets.”
3. IBM 2020. “Cost of Data Breach Report.”
4. https://safeatlast.co/blog/ransomware-statistics/#gref
5. https://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/
6. Cybercrime Magazine March 2020. “Top 5 Cybersecurity facts, Figures, Predictions, and Statistics for 2020 to 2021.”