The Cost of Ransomware and the Helping Hand of Business Continuity

In the past year, there has been a 235% increase in cyber threats targeting businesses, and ransomware is an increasing risk for organizations of all sizes.

A recent report from Malwarebytes says that business ransomware attacks increased 365% from Q2 in 2018 to Q2 in 2019.

Previously, ransomware attackers had focused more on individuals, but they quickly learned they can significantly increase payouts by targeting organizations. Symantec says that while ransomware attacks overall are down 20%, attacks against enterprise have increased 12%.

92% of managed service providers (MSPs) say that clients with business continuity and disaster recovery programs are less likely to experience significant downtime as the result of a cyber attack such as ransomware.

What is Ransomware?

Ransomware is a form of malware that targets computers and other devices. Access to these devices is restricted while attackers demand a payout—usually in the form of Bitcoin or similar—to unlock systems. Victims must decide if they’ll pay up to get a decryption key or if they’ll refuse and instead invest countless hours and thousands of dollars to rebuild and replace systems. Sometimes, even if a ransom is paid quickly and fully, organizations still face permanent data loss that deeply affects operations.

One of the most common ransomware attack methods is phishing. These attacks, generally in the form of emails, are usually tailored to the recipient. They often look like real emails from legitimate sources and are designed to get victims to divulge confidential personal information, such as passwords, usernames and payment information. One out of every 99 emails sent has potential to be a phishing attempt.

Other ways attackers target organizations are through software vulnerabilities and Remote Desktop Protocol (RDP) attacks.

The Cost of Ransomware

Ransomware damages were expected to exceed $11 billion in 2019.

Kaspersky Lab discovered the average enterprise pays more than $1.2 million per attack, with small businesses paying about $120,000. For both enterprise and small businesses, costs continue to increase year over year. Kaspersky says one successful ransomware attack can cost an organization more than $713,000. In addition to the ransom, other associated costs can include:

  • Data loss or damaged data
  • Loss of business functions and downtime
  • Loss of sales and/or production
  • Cost of investigation
  • Damage to brand and business reputation
  • Expenses related to system repair and restoration


On average, downtime costs can exceed five to 10 times the amount of a ransomware payment. In mid-2019, the average payment was more than $36,000, with many organizations paying more than $100,000.

To quantify ransomware downtime in terms of days, the average loss is 9.6 days.


When it comes to recovery, even if a ransom is paid, organizations still have to deal with the costs of forensic investigations into how and why the breach occurred, as well as the hardware, software, and staff costs to recover and restore servers and the array of devices used in a modern enterprise IT environment.

On average, companies hit by a ransomware attack can lose system access for two or more days.

In a review of ransomware cases by Coveware, about 96% of businesses that paid a ransom received a decryption tool that worked, but even in the best cases, organizations can still lose about 8% of their data after a malware attack.

Recently, cities and government agencies, which provide a vast amount of services to large populations, have been targeted by ransomware attacks.

BC and DR Plans are Key to Response and Recovery

Only about 20% of small and medium-sized businesses (SMBs) say they’re prepared to handle an attack.

When it comes to cyber attacks like ransomware, business continuity (BC) and disaster recovery (DR) plans can be among the most effective ways to protect your organization and decrease short- and long-term impacts. BC and DR plans help ensure your organization can withstand an attack and that you’re prepared to quickly respond, mitigate, and recover.

A business continuity partner like Castellan can help your organization:

  • Complete a comprehensive cyber risk assessment to determine where you have weaknesses in your cyber program and how to resolve those issues
  • Educate your employees about the dangers of cyber exposure
  • Create security programs with mitigation and recovery plans to decrease the impact of an attack

The 2019 Global State of the Channel Ransomware Report revealed that four out of five MSPs whose clients had BC or DR plans in place were able to recover from an attack in 24 hours or less on average, compared to one out of five for clients without BC or DR plans.

With the increasing number of cyber attacks targeting organizations, it may no longer be a question of if your organization may be targeted, but when. Now is the time to ensure you have a business continuity plan in place to help protect you from an attack.
