Cyber attacks – more specifically, ransomware attacks – are top of a lot of people’s minds at the moment. National headlines are being made almost every week with huge companies paying out millions in compensation or ransoms, while billions of records are lost or stolen.
It would be easy to quote scary numbers about the money spent on recovering from ransomware attacks, but the truth is that costs vary massively depending on the size and sector of the organisation hit.
There’s a lot of debate around whether to actually pay a ransom or not, but I’m not here to discuss that – I’m interested in the other costs.
Behind the headlines and after all the attention goes away, what do businesses need to pay out for after a cyber attack, and what do you need to be thinking about when it comes to investing in protection?
During the incident
Ransom Payouts – These are the costs that first spring to most people’s minds when talking about ransomware, and depending on the size and sophistication of the attackers (and the attack), they can range from a few thousand to millions. There may also be additional charges for agreeing to confidentiality and/or not releasing your data.
Ransom Negotiator – It’s becoming increasingly common to hire ransom negotiators to work on your behalf to minimise the payout and assist with arranging the transfers. While this may help reduce the cost of the payout, they will require payment themselves.
Incident Response Team – Some large companies have dedicated incident response teams; most, however, will require outside assistance in the heat of the moment. Ransomware incidents can be very labour intensive as well as time critical, and if rates have not been agreed in advance they can be astronomical, as organisations have few options at that point.
After the incident
Incident Investigation – On top of the initial incident response, organisations will often need to identify the original point of entry for the ransomware, both to satisfy regulatory, insurance or company requirements and to assist with closing whatever holes were exploited. As with incident response, this kind of investigation is time-critical and highly skilled, and can therefore be expensive.
Infrastructure Rebuilds – Depending on the type of attack and the damage sustained, it may not be desirable to restore from attacker-provided data anyway. This can mean hundreds of systems need rebuilding, often involving additional partners to design and deploy their solutions again.
Data Restoration Services – Assuming that data is recoverable, either from the attackers or through other means, there are often costs associated with ensuring consistency, checking that data hasn’t been hijacked or modified, and finally importing it back into the newly rebuilt infrastructure. These are often specialist and labour-intensive skills, even more so if recovery is being done directly from data disks.
Regulatory Costs – When significant attacks happen, they often attract the attention of regulators. This can result in fines, but will also likely require significant investments of both time and money to defend, mitigate issues, appeal rulings, and so on.
Insurance Costs – Ransomware insurance is a booming market that aims to reduce the impact of the other costs; however, like any insurance, premiums are likely to rise significantly once a claim is made. The insurer may also require greater controls to mitigate an attack happening again, or may limit its liability by increasing its exclusions and uninsurable events.
Productivity Loss – While hard to quantify, having the majority of staff not able to work effectively – and in some cases at all – for potentially weeks is an extremely costly element of any cyber attack. Not only are there costs from continuing to pay salaries but also the opportunity and market costs from not being able to execute efficiently against competitors. There is also the cost of having significant IT and management resources dedicated to recovery and not to driving the business forward.
Customer Compensation / Credit Monitoring – Any time customer data is exposed there is the potential to lose customers. Businesses will often attempt to minimise these losses and reduce regulatory pushback by offering compensation or services such as credit monitoring. Depending on the scale of the breach, these packages can cost significant money.
Public Relations – With a sufficiently large breach it may be wise to engage a public relations firm to assist with damage limitation. These firms will assist with press announcements, advising on the levels of detail to provide and allowing teams to concentrate on the recovery efforts.
Litigation – While most customers will accept compensation or simply leave, there may be some who launch lawsuits. These can drag on for a long time and, depending on the country, may involve thousands of customers. This can all lead to very expensive legal and court costs, and further increases the cost of investigation and recovery.
Reputational Damage – Even when providing compensation, reputational damage is inevitable. While this is unlikely to show up directly on a balance sheet, there is almost certainly going to be someone who doesn’t engage with a business’s services because they heard about the attack.
How can you protect your business?
It’s vital to have a robust, holistic ransomware defence strategy in place – read our latest blog for our breakdown of the three key areas you need to address to create a holistic security and defence strategy.
Our next webinar on ransomware will focus on one of these key areas – safeguarding data and servers. Register below to learn more about:
- Holistic ransomware defence plans
- Safeguarding your data and infrastructure
- Minimising or potentially removing downtime altogether
- Creating a robust breach response and recovery plan