Skip to main content

Blog: The true cost of a ransomware attack

By March 15, 2019July 24th, 2019Blog

Have you considered the vast amount of damage that can come from a cyber attack?

With more and more of the world becoming connected and utilizing both cloud services and software-as-a-service to run their businesses, cyber theft and ransomware is becoming a bigger and bigger threat. While cybercrime is a term most people know and understand, ransomware is becoming an emergent threat. Typically defined as a type of software which is designed to block access to a computer system until a sum is paid, ransomware is a type of attack that is not only malicious but its damage is often difficult to fully assess until the attack is already over.

Picture this

Imagine this: you run a small- or mid-sized service business which uses a database of customers and their associated information in order to process invoices, print estimates, and handle scheduling. What if you suddenly lost access to it? Worse, what if you saw a message on the computer threatening to delete it unless you were to pay a huge sum to someone who did have access to it? What would you do? Most businesses, unfortunately, would be at a loss. It’s something that is somewhat unthinkable until it is too late to do anything about it.

When considering the costs of an attack like this, most companies are going to think about two different numbers: the amount of the ransom demand and the amount that it would cost to recover the data if it is lost forever. Unfortunately, there are many more factors that come into play, especially if you look at some organizations who have had to deal with this issue in the past:

  • Time is an issue. How much is the downtime going to cost you? How long will it take to transfer funds to pay off the attackers, especially if they are requesting it in Bitcoin (a very likely event).
  • How will the attack affect the reputation of your company? This is a big one, and it’s also the one that is hardest to define in terms of hard monetary value.
  • The potential cost of regulatory fees or penalties to your company as a result of the theft.

Then there is the demand itself. You have to keep in mind that even if you and your company were to pay whatever ransom is being asked for, there is no guarantee you are going to regain access to your data. It’s not as if you entered into a contract with the criminals. They could turn right around and ask for a larger sum, or worse, take your money and delete or sell all of your data (the sale of which could lead to even bigger problems for you if customer information is what has been stolen).

The fact of the matter is, these threats are out there. You can either be proactive in dealing with them or you can wait for them to happen and pray that things don’t go south during the negotiation. It’s better to be safe than sorry, and we at Sterling Insurance Group know that. Let us help you prepare before something like this happens to your company. Contact us today to learn more.