The Real Cost of Ransomware: Small Businesses Big Ransomware Bill

2016 was a big year for ransomware, with a record ransom haul and costs swelling to a staggering $1 billion, a 300% rise on 2015. This year’s heists carried on in the same vein, with high-profile businesses targeted throughout quarter 1 and quarter 2, notably through the Petya and WannaCry viruses.


These infections took their toll on small businesses and MNCs alike; projections put the total cost of ransomware in 2017 at $5 billion. Ransomware is on the rise: with a 100% increase in attacks predicted for 2018, we are just getting started.

For all the rhetoric, the real cost of Ransomware is in the numbers you don’t see. The ransom itself makes up a tiny fraction of the total cost experienced by businesses:

Downtime: A direct financial impact on your company’s bottom line. The costs associated with this include the cost to get your systems functioning again, the productivity loss of employees who cannot perform their jobs and lost revenue due to unavailability. Honda’s Sayama plant had to shut down for a full day, ceasing their output of an estimated 1000 cars.

Reputation Damage: Irreparable damage to your reputation and brand is in many ways the most costly and harmful effect ransomware has on your business. Larger companies can take a stock price hit, but could your business survive being out of operation for 3 months? Or could it rebound from a PR disaster, losing confidential patient data or worse?


The Repair Expense: After a security breach of this nature, an investigation will be required to determine which data has been exposed and how to prevent it in the future. Forensic IT specialists will be required to isolate infected devices, clean them and ensure there are no further vulnerabilities.

33% of victims were forced to invest in new security and backup technologies


Opportunity Cost: IT staff that were hired to focus on core business operations are now spending their time diverted from their regular activities. Employees in other departments will also suffer from decreased productivity, backlogs, extra hours and mistakes going forward.

42 hours average spent dealing with each incident.


The Reactive Expense: Because companies have not been proactive in their business defense, they will now reactively spend money, often unwisely in a knee-jerk reaction or panic. A small upfront cost could have defended the business, but now a substantially larger overhead is necessary.

49% believe one ransomware infection will make a company more vulnerable to future attacks.


Critical Document Loss: Many companies use backups to store important financial data, which will assist them in a ransomware recovery process. What many businesses fail to do is back up the files and folders that are critical to their operation. For instance, a design house losing all its images or a healthcare clinic losing all its patient information would be costly at best, catastrophic at worst.

According to the FBI, $209 million was paid in ransom money in Q1 of 2016.

The total economic cost of WannaCry could go up to $5 Billion.

Okay, so how do I defend against ransomware?

Put simply, there is no guaranteed way to avoid hackers, viruses or ransomware. However, there is a solid protocol to protect you and your staff from infection. Many people believe ransomware is just an IT security issue, but in fact it’s a multi-layered business issue and it requires a multi-layered solution.

At Aware, we believe in a 3-pronged approach: Educate, Secure and Backup.

Education: It’s imperative that management educates their staff on the risks and challenges of ransomware. Education and training are not a one-off, but a constant conversation outlining the latest risks.

Your employees are your first and most critical line of defense against malware, viruses and hackers.


Secure: Patch, update, and blacklist. These phrases should be common parlance in your business. Don’t download cracked software, run a reputable antivirus solution across the network and make sure employees’ mobile devices are protected on and off premises.


Backup: The only 100% protection against ransomware is maintaining up-to-date, accurate backups of all your essential files.

With this three-pronged approach in mind, we have developed an RMM solution that empowers us to take care of you, so you can focus on your core business.

We educate.
We update.
We protect.
We secure.
We back up.

You can learn more about Aware’s RMM solution here or contact our IT Security team.