What is the cost of a ransomware attack?

May 27, 2025
Author: John Bruggeman
AI | Blog | Security

I posted on LinkedIn back in February about the cost of a ransomware attack, and I used a graphic to show people what $2,000,000 in cash looks like. Search for “Floyd Mayweather $2M” and you’ll find the photo.

In the picture you can see Mr. Mayweather with a table full of money—stacks and stacks of cash. It’s impressive.

All that cash is not even half the cost of the average ransomware attack or data breach, based on a survey from IBM.

According to IBM, the average cost of a data breach is $4.8M, whether the breach came from a ransomware attack or from a compromised third party. IBM based that figure on interviews with roughly 3,500 people at about 600 breached organizations, so it is not made up out of thin air. The cost also varies by industry.

From the IBM report, the average cost of a data breach was roughly $5.3M in the energy sector, $5.5M in technology, $6.1M in financial services, and, at the top end, $9.8M in healthcare.

What is the difference?

The value of the data.

What are some of the challenges to preventing a ransomware attack or a data breach?

According to IBM, staffing shortages are the number one issue.

Companies did not have enough staff to stay on top of the technologies they had deployed, which left gaps in their security controls.


The second biggest issue was shadow IT.

The CIO might know where the sensitive or protected information resides, but what about shadow IT? With the cost of Software as a Service (SaaS) falling, individuals can easily spin up systems and store sensitive or confidential information in a SaaS solution that the CIO doesn’t know about, and that nobody is monitoring or backing up.

Now, add in AI tools.

AI tools can greatly assist teams and organizations, but where is the data stored? Do you know where your confidential data resides? Does it stay in the U.S. or is it stored somewhere else? What controls do you have over your data once it is ingested by an LLM?

What goes into the cost of a ransomware attack or data breach?

A number of factors contribute to the cost of a data breach. It’s not just the price of credit monitoring for a year or two for every customer record stolen; that is actually one of the easier things to address.


Here are the top five expenses from a ransomware attack:

1. Downtime from the attack

It might not seem like a big deal, but if your company has 100 employees and their collective cost is $5,000 per hour, consider what every day of downtime costs in wages alone, before you count anything they failed to produce.

Can your company function if all the computers are locked up? If the ransomware attack lasts for a week, which is a relatively short outage, and your organization produces widgets at a value of $100,000 per day, then you have $700,000 in lost output, not to mention the wage costs above. You could be down nearly $1,000,000 in just one week.

2. Ransom payments

Maybe you will recover in a week because you pay the ransom. You have cybersecurity insurance, and you negotiate the payment down to $200,000. Your insurance carrier splits the cost with you, so it only costs your business $100,000. “Only.”


3. Data recovery and restoration costs

This one can be surprisingly high. A company with around 100 employees probably outsources its IT to a managed services provider (MSP), and because you need to get back up quickly, you pay extra to have your MSP address the issue ASAP. A $50,000 bill for recovery and restoration is by no means unheard of after a ransomware attack.

4. Legal fees and fines

This one might surprise you, because legal costs and fines often make up a significant portion of the total cost of a ransomware attack or data breach. The components are your own legal fees plus the cost of potential fines and lawsuits. Two examples from 2024 show the scale. A biotech firm had to pay $12M in fines and legal fees for a data breach that impacted over 250,000 customers. Meta, the parent company of Facebook, paid the state of Texas $1.4B (billion!) to settle claims that it captured and used biometric data without consent; that case was a privacy violation rather than a breach, but it shows what regulators charge for mishandling personal data. Neither figure includes what either company paid its own legal team.

5. Security improvements

Nothing frees up budget dollars like a data breach or ransomware attack. Never let a disaster go to waste: have a plan ready so the money goes where it is needed.

If you were hit with a ransomware attack, what tools could have prevented it? Maybe you have a good tool for endpoint protection, but you are short staffed. Having a trusted third party monitor your network 24×7 might seem expensive now, but compared to the downtime, recovery costs, and legal fees your limited staff would face after a ransomware attack, a $200,000 a year contract to monitor your 100 desktops and servers might be good insurance.

Maybe you don’t like your endpoint protection, so you want to upgrade. Fifty dollars per endpoint per month might be a reasonable price point ($60,000 per year for 100 endpoints) for better detection at your workstations.


Maybe you need to upgrade your firewall and install an intrusion prevention system (IPS) for your network. That might be $45,000 per year.

Whatever you know you need, document it, put a budget together, present it to your CFO or executive leadership team, and make them aware of what a ransomware attack would cost.

If you need help figuring out the cost, fill out the consultation form below and the CBTS team will be in touch.
