carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Aug 23, 2017

How to determine the true cost of a ransomware attack

How to determine the true cost of a ransomware attack

Color illustration of laptop screen showing a security warning.

The costs associated with a ransomware attack are often viewed from two dimensions: On one side, there is the the ransom demand, and on the other, the cost to recover or recreate data. Neither of these is a complete view because they do not take into account all the ancillary costs. Here's a quick look at several factors that also add to the cost of dealing with ransomware:

Ransomware frequently results in at least some IT systems downtime, meaning that technology resources necessary for business operations are unavailable. The costs associated with downtime include the amount of time it takes to get systems back up and running and lost productivity because employees may be unable to perform their job functions. Downtime also leads directly to lost revenue because customers may be unable to seek help or purchase products or services.

Opportunity cost
IT staff members are hired to perform essential technology-related functions for the company. But ransomware often diverts IT from their regular duties as they are forced to focus on restoring IT systems. This can lead to decreased productivity, backlogs, additional hours, burnout and mistakes. In some cases, it may be necessary to hire temp staff or use outside contractors or consultants to augment IT during the restore process.

Organizations may need to perform an investigation to determine whether customer data or proprietary information was exposed. If it was, that constitutes a data breach and investigators will need to determine the extent of the damage. This can be a drain on time and resources.

Ransomware and data breaches may result in notifications to customers, patients, suppliers, investors and partners—and that can negatively impact the company’s reputation and share price if the company is publicly traded. Public relations teams will need to work hard to establish trust again with customers. The company might need to purchase identity protection or other remediation for customers if data was lost or disclosed during the ransomware incident.

A high-quality backup can speed up the process
The quality of a company’s backups can make the restoration process quick and easy, or if it's inadequate, nightmarishly long and costly.

Sadly, many company don't learn that their backups are incomplete, corrupt, or impossible to restore until it's too late. In one common scenario, ransomware hits many computers at a company—let's say 100—and IT later confirms that even though full backups are available, data can only be restored to one computer at a time. That's time-consuming and costly.

Consider another situation where the database for a key business application is moved from one database server to another. The server is hit with ransomware, but then the company learns that the backup job was never modified to point to the new database.

Protecting against ransomware losses
A ransomware infection can expensive, but there are preventative measures you can take to mitigate some of these costs. Consider the damage your organization will sustain due to ransomware downtime. Analyze the potential impact per system type so that you can design security controls and protection mechanisms consistent with the risk.

Test backups often using different disaster scenarios to ensure that recovery time objectives will be met. Make sure you know the location of important data. Consider how your company will handle the additional workload during the incident response and work out temporary or contractor agreements ahead of time. This will save time in procuring resources and result in a better rate. Lastly, run drills with your team and practice data recovery processes so that employees grow comfortable performing necessary tasks under pressure.

For more news and information on the battle against ransomware, visit the homepage today.


Eric Vanderburg

Eric Vanderburg is an information security executive and author known for his insight on cybersecurity, privacy, data protection and storage. Some have called him the “Sheriff of the Internet” because his cybersecurity team at JurInnov protects companies from cyberthreats, investigates data breaches, and provides guidance on safe computing. Eric is passionate about sharing cybersecurity and technology news, insights and best practices. He regularly presents on security topics and maintains a security blog. You can find him throughout the day posting valuable and informative content on his social media channels.

Related content