
Measuring the true cost of a ransomware attack


Jason Blosil

It’s no secret that ransomware carries a high cost for organizations. In fact, the average ransom payment is nearly $1 million. But that’s just for starters. The actual cost of a ransomware attack extends far beyond the ransom payment—it can add up to be 7 times the ransom demand. In this blog post, we’ll explore how to calculate the true cost of a ransomware attack.

Ransom payment

Let’s start with the most obvious cost: the ransom payment itself. Ransom demands can range anywhere from $10,000 to millions of dollars, with $70 million being the highest demand to date. In many cases, the ransom demand is calculated as a percentage of the target company’s annual revenue (typically around 3%). As far as overall costs go, experts estimate that the ransom payment adds up to only about 15% of the total cost of the ransomware attack. And the real stinger in all of it is that only one in seven organizations who pay a ransom actually get their data back.

Downtime and recovery

The lion’s share of costs from a ransomware attack come from downtime and recovery. It takes an average of 22 days to get a business back up and running after a ransomware attack. In many cases, the cost of downtime can be 50 times greater than the ransom demand. The entire business must turn its focus on recovery, from the IT department recovering the data and restoring operations to the marketing department taking on crisis communications. Lost productivity and the cost of bringing in contractors to help accelerate recovery efforts add up quickly. In addition, ransomware attacks often expose vulnerabilities in an organization’s security infrastructure, which results in expensive rebuilding and implementation of new technologies to boost cybersecurity.

According to a recent IBM study, the average cost of a ransomware attack is $4.62 million (not including the actual ransom payment).

Other expenses

The costs of a ransomware attack can continue long after you have your data restored and your business back up and running. For some organizations, class-action lawsuits are commonplace when customers’ financial and personal data is compromised in an attack. These lawsuits can cost businesses tens of millions of dollars to settle. Reputational damage can also cause massive loss of revenue, and in extreme cases, it can result in having to close the business because customers have taken their business elsewhere.

To recover the costs of a ransomware attack, many organizations have cyberinsurance policies. Unfortunately, not all organizations qualify for a policy, and the policies don’t always cover all the costs that are associated with an attack. And after an attack is carried out on a business, the company’s insurance premiums skyrocket, adding to the ongoing cost of the attack.

To add to the bad news, after a business is successfully attacked by ransomware, the chances of it getting hit with a second attack increase. In fact, 80% of organizations that paid a ransom report being threatened a second time.

It all adds up

In 2021, 576 U.S. organizations were victims of ransomware. The resulting downtime alone totaled $159.4 billion. Compared with the estimated $1.3 billion paid in ransom, you can see where the real costs of ransomware attacks lie.

Check Point Research broke down the costs of ransomware for some real-life attacks.

| Industry | Date | Loss breakdown |
| --- | --- | --- |
| Financial services | December 2019 | Ransom payment: $2.3 million; Other losses: $23.7 million |
| U.S. county government | September 2020 | Ransom payment: $500,000; Remediation and response: $404,000 |
| IT services | October 2020 | Ransom payment: Not applicable; Lost income: $9 million; Remediation: $49.5 million |
| Insurance | March 2021 | Ransom payment: $40 million; Other losses: $60 million |

The bottom line

Ransom payments are a very small portion of the true cost of a ransomware attack. To keep costs under control, you must be able to detect an attack and to respond quickly to minimize the damage. Proper data security and data protection can help prevent attacks and can help you recover quickly and avoid the high costs of downtime and data loss.

Start your ransomware prevention strategy now. To learn how your organization can close the gaps in cybersecurity, check out NetApp® cyber-resilience and ransomware solutions.

Jason Blosil

Jason is a business and marketing professional with over 20 years of product marketing, product management, and corporate finance experience. Since joining NetApp in 2008 he has been focused on SAN and NAS storage, backup and disaster recovery solutions, and cloud data services. When not in the office, you can find him cycling, cooking, enjoying time with family, and volunteering at his church and in the community.
