The effects of ransomware attacks on organizations can cause unquantifiable financial cost and immeasurable data loss. Yet, despite this, there is a lack of awareness when it comes to being prepared.
A study conducted by Timico and Datto found that two-thirds of UK businesses have no official ransomware policy to guide employees on what to do in the event of an attack.
The reality of ransomware found that two-thirds (68%) of respondents said the effects of an attack were almost instant with data systems going from fully functional to essentially useless within seconds and minutes. Nearly a quarter (23%) reported lockdown within just a few seconds, and 18% said that systems were down within a minute of the attack. A further 26% reported systems being blocked within a few minutes. For the majority (85%) of companies that have been victim to ransomware, systems were down for a week or more, causing £1,000s in financial damage a day to most businesses. A third (33%) had to endure their data down for more than a month, with 15% reporting their data as ‘unrecoverable.’
But retrieving data is becoming increasingly more difficult for organizations. The ransom fees, demanded by cyber criminals before they will unlock the victim’s computer system, are rapidly rising. Nearly a quarter (23%) of respondents paid over £5,000 to retrieve their data and 26% paid a fee of £3,000 to £5,000. Higher ransomware fees in large businesses were reported, with a third of corporate businesses paying over £5,000 to recover data compared to just half that number of SMEs (15%).
Knowing the extent of the cost of the attack on the business is often unknown. Nearly a third (29%) of those polled could not even estimate the overall financial cost to the business of the ransomware attack, deeming it ‘unquantifiable’. Over half (53%) of respondents estimated that the attack had cost the business between £1,000 to £2,000 per day in lost revenue, due to its data systems being down.
With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.