and it's more than money at stake.
We all know that ransomware can be detrimental to businesses, but just how much could an attack cost your company? According to a ransomware report released by Datto, the average ransom paid by a North American SMB in 2020 was $6,200. However, the additional cost of downtime caused by an attack is significantly higher than the ransom itself, averaging $308,900 per incident. In fact, that figure represents a staggering 486% increase since 2018.
These statistics were pulled from a survey of more than 1,000 managed service providers (MSPs) around the world. The survey offers useful insight into the concerns about ransomware and its effects on small and mid-sized businesses. While these attacks don’t grab headlines the way the recent Colonial Pipeline or JBS incidents have, it’s important to consider that small firms represent over 99% of businesses in the US (according to the Small Business Administration).
One in five SMBs report that they’ve fallen victim to a ransomware attack in the last year. SMBs that don’t outsource their IT services are at even greater risk. Email phishing is by far the leading cause of successful attacks (67%), with lack of cybersecurity training (36%) and weak passwords (30%) rounding out the top three. Looking at the immediate aftermath of an attack, those with no Business Continuity and Disaster Recovery (BCDR) products in place are far more likely to experience significant downtime from ransomware. What exactly does the loss of system access mean for a business? Not only is downtime inconvenient for employees and customers, it also leads to loss of revenue for the business and bad publicity due to decreased customer satisfaction and trust.
Certainly, ransomware raises a number of concerns due to its negative impact, but paying the ransom is not the main concern. Most companies agree that the number one cause for concern involving ransomware is the cost of downtime due to the lack of system access for customers and employees.
Despite increased security spending, MSPs report that clients fell victim to ransomware even after implementing employee education, antivirus, email filtering, pop-up blockers, and endpoint detection solutions.
Ransomware is able to get around these solutions because the cybercriminals frequently modify their malware to avoid detection. What’s worse, the social engineering tactics criminals use to dupe victims have become very sophisticated and hard to detect—even with security education. That’s why a multilayered approach to ransomware that includes business continuity is so important.
Security software and training are essential to prevent attacks before they happen. Business continuity enables organizations to resume normal operations quickly if security measures fail.
There is no one surefire way of preventing ransomware attacks, even with proper security solutions in place. That’s why business continuity was ranked the number one solution to combat attacks again this year.