At this point, the devastating impact ransomware can have on organizations in any industry has been witnessed the world over. Earlier this year, one hospital in Southern California was infected with Locky ransomware. The facility had to pay hackers $17,000 to get its systems back online, and this was after it declared an internal state of emergency. A few months later, the FBI announced that encryption malware was on pace to steal $1 billion from organizations in 2016.
While these costs and occurrences are alarming in and of themselves, they don’t necessarily illustrate just how financially damaging ransomware can be to organizations. There are hidden costs in addition to the initial ransom that are less talked about, but no less crippling.
Downtime and Remediation Costs
As we clearly saw from the Los Angeles hospital incident, system downtime is extraordinarily troubling – records were kept using pen and paper, and external communications took place via fax machine. However, downtime is as expensive as it is inconvenient. According to research from the Ponemon Institute, IT-related downtime costs businesses, on average, $7,900 per minute. In fact, DARKReading contributor Andrew Hay ran the numbers for the ransomware that impacted the aforementioned hospital and came up with this number: $533,911. That, according to Hay, is the total amount of estimated revenue that the facility lost, in addition to the $17,000 ransom.
Still, that’s only the tip of the iceberg. These “downtime” expenses don’t necessarily account for the longer-term, hard-to-quantify expenses, such as reputational damage, or what Hay refers