How much do ransomware attacks cost – and what’s the best defence?

As businesses settle into agile and remote working practices, ransomware attacks are on the rise. Over the last year there has been an increase by 715% of organisations being infiltrated by ransomware attackers.

Ransomware attacks have long been on the increase. And now, as we move to mass remote working, global events are making businesses more vulnerable than ever to losing control of their data and facing serious fines – especially small to medium-sized enterprises.

In this article, we analyse the financial implications of ransomware attacks, why your business might be unprepared, and what you can do to defend yourself and support your people.

What is a ransomware attack?

Cyber-criminals use ransomware to attack your data. When the ransomware gains access to your system, it begins to encrypt files so you can no longer access them. The criminals behind the attack then hold the information hostage, demanding payment for its release.

But the money – should you agree to pay – isn’t the only cost you risk facing…


How much money do ransomware attackers usually demand?

In general, the money that attackers demand to release data is increasing. The average cost of a ransomware attack is £130k on mid-size businesses (Source: Gartner).  In practice, the cost depends on a number of factors, most notably the size of your company. Attackers know that if they demand too much, a business will be more likely to refuse. So, they charge just enough that paying seems the much easier option – despite there being no guarantee they’ll return your data at all.


And now there’s a new factor: vast numbers of people are working from home. This dispersion of your staff can lead to a much-reduced system security. Your IT teams could be severely hamstrung in their capability to respond to attacks, especially without access to on-site hardware. Simply put, ransomware attackers have more leverage than ever to make their demands.

But the best and by far the cheapest solution is to defend yourself against attacks in the first place.

What is the cost of reputational damage?

One of the heaviest consequences of a ransomware attack is that it attracts bad press and causes significant reputational damage.

The compromise of your data, especially consumer data, will result in an outcry from customers and investors alike. But while data can probably be recovered, public trust is not so easy to restore – as Travelex know only too well after a cyber-attack which cost them over $285 million.

These attacks are no longer the sneaky thieves of the past. They are highly destructive and visible. The chance of you keeping things under wraps with existing security is slim to none.

How does a ransomware attack affect productivity?

In 2019, the cost of enforced downtime created by ransomware attacks at SMB’s alone averaged at over £114,000 – a lot more than the average of £4800 most attackers actually demand.

And then there is the effect on your people, who will become increasingly frustrated by hampered working practices and increased inactivity.

While your files are in lockdown, they cannot be accessed. This means your organisation cannot trade effectively – if at all – and existing projects cannot be completed. Which could incur further financial penalties or even put you out of business altogether.

Cyber Security

What about GDPR?

Under GDPR legislation, it’s a legal requirement that you must report a data breach within 72 hours. This means that you have just 72 hours to:

  • Carry out a thorough investigation
  • Inform regulators and impacted individuals of the breach
  • Identify what personal data has been affected, and how
  • Draft a comprehensive containment plan
  • If you don’t comply with these requirements, you face heavy fines of up to £1.75 million or 4% or your annual global turnover.

In such a short time frame, it’s incredibly important that you identify an attack as quickly as possible. However, for many businesses, that isn’t easy to do.

How do I know I’ve been attacked?

One of the biggest weaknesses of a perimeter-based defence isn’t just its inability to protect devices and employees outside the network, but that when there is an attack, you won’t notice until it’s too late.

In fact, it often isn’t until an employee eventually notices that something is wrong that the attack is flagged at all. By that time, thousands upon thousands of files could be encrypted with no way of telling which.

There’s only a small window of time to avoid fines and reputational damage.

How does a ransomware attack typically play out?

Here’s an example scenario of how a ransomware attack can easily creep into your system and spread its infection unnoticed.Cyber attach timeline

So, should I just pay?

No! That will encourage and fund future attacks, and there is no guarantee the attackers will even release all your data. Paying up just perpetuates the problem for everyone.

Indeed, trends suggest that refusal is the way forward. In 2018, 97% of US and 78% of German businesses who were attacked refused to pay. While 75% of Canadian and 58% of UK businesses paid up. And it’s the American/German stance that’s leading to fewer attacks. There have also been examples – such as this “gold standard” response by Norsk Hydro – that taking the fight back to attackers and not giving it to their demands can actually benefit your reputation – even if it did cost them over £45 million

What can I do to defend my business?

Traditional perimeter-based defences are no longer enough. You need to introduce a proactive detect and containment solution.

Containment solutions are all about putting you on the front foot. Any ransomware that manages to break through the perimeter is attacked head-on before it can take hold in your system.

The first compromised device is shut down and the user is disabled in the Active directory, while your IT teams are notified. The handful of files that are infected are registered in a report, so you can easily see what needs to be recovered. And the whole process happens almost instantly.

It’s no wonder these products are currently used by both the US and UK governments!

Ricoh’s Cyber Security Practice

Ricoh provides a military-grade containment solution to protect your business. It’s an automated technology that reacts in seconds to any ransomware attack, ensuring only a single device and very few files are infected.

Click to read Cyber Security Practice

It’s very easy to install too, taking as little as four hours, and can be done remotely meaning minimal disruption to your teams and business.

What makes it the best choice for my business?

There are numerous benefits to choosing Ricoh. Here are just some of the key features on offer:

  • Outbreaks are stopped within seconds, notifying those who need to know
  • Strictly limits infection to a single user and a few files, avoiding serious damage of unhindered attacks
  • Risk of user-error leading to ransomware spreading removed
  • Supplements your existing perimeter defence systems
  • Detailed live visibility with playback, displayed on a dashboard in real-time
  • Tracking of the few affected files before shut down
  • Quick and easy to implement remotely

If you have any questions or would like to know more about proactive ransomware protection, get in touch with Steve Timothy.


Cyber Security Expert

Read all articles by Morten