What Is The True Cost Of A Ransomware Attack?

From the outset, having your systems encrypted and held to ransom by a ransomware attack can cost you thousands of pounds per minute, so the cost of paying the ransomware demands can appear minimal in comparison.

But what happens after you give into the demands?

You get your systems back and everything goes back to business as usual right?

Wrong

Unless you’re one of the lucky companies who does regain access to your systems it’s a long, arduous and costly process to audit what happened and discover what was stolen or affected as part of breach.

For many, there’s no guarantees that you will actually regain access to your systems by paying ransomware demands Many malicious individuals are just lowly script kiddies, purchasing tools to initiate ransomware attacks off the dark web with little knowledge of how they truly work, encrypting your files with no knowledge of how to decrypt once ransom paid.

Once event has taken place, you’re then left with a myriad of consequences:

• Fines,
• ICO if personal data affected,
• Legal fees,
• Replacing hardware,
• New security measures,
• Reputational damage,
• Lost existing customers,
• Difficult to acquire new business,
• Difficult building reputation back up – black mark hanging over you,
• Lost business through downtime,
• Unable to meet deadlines as data lost.

These consequences can accumulate dramatically, presenting the true cost of a ransomware attack.

A more secure option and often more cost effective is to invest in measures to defend against Cyber threats before they have the opportunity to cause damage and disruption to your business.

The course of action SES recommends would be to begin by creating a robust incident response plan that can be easily followed in the event of a breach. SES also recommend that you perform regular Vulnerability Assessments and Penetration Testing once a year and after each major version change review your systems and networks for vulnerabilities on an ongoing basis. Finally, it is advisable that you perform Phishing Assessment on your organisation and provide your staff with Phishing training to improve your employee's awareness of Phishing threats and provide them with the knowledge to defend against them.

If you would like to discuss your organisations security in more detail, please get in touch to speak to one of our specialists. 

© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.