alphaspirit - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Ransomware costs not limited to ransoms, research shows

The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.

This article can also be found in the Premium Editorial Download: Information Security magazine: Machine learning in security explodes: Does it work?:

Ransomware costs are hard to quantify. Many companies that have been targeted and have paid the ransom avoid law enforcement and public disclosure. But financial consequences involve more than just ransoms, according to new data from the Ponemon Institute. The independent study, sponsored by Carbonite, surveyed 618 individuals in small to medium-sized companies.

Researchers found that 51% of the organizations surveyed had experienced ransomware attacks. These companies reported four ransomware attacks on average and -- among those that paid -- an average payment of $2,500 per attack. Close to half of the companies paid (48%) and slightly more did not (52%).

Respondents whose organizations opted not to pay ransoms cited several reasons: full backup of systems and data (42%), company policy not to pay ransoms (16%) and fear ransom would not result in a decryption key (15%). But even among companies that opted out of ransoms, there was financial fallout. Other ransomware costs included investment in security technology (33%), money lost from downtime (32%) and loss of customers (32%).

Paid ransomware chart

According to survey respondents, ransomware infiltrated their organization through phishing and social engineering (43%) and insecure or spoofed websites (30%), malvertising (15%) and social media (8%). More than half (55%) of respondents said that the compromised devices were used for personal and business use. Compromised devices also infected other devices on the network (42%) and the cloud (21%), the survey showed.

Ransomware not paid chart

While 53% of those surveyed indicated that their organization would pay a ransom if sensitive data was at risk, 57% indicated that they thought their organization was too small to be a target of ransomware attacks. Only 46% considered prevention of ransomware (and ransomware costs) a high priority, according to the Ponemon report.  

Next Steps

How companies avoid paying ransoms

What you need to know about ransomware as a service

Study: Ransomware attacks have doubled

This was last published in March 2017

Dig Deeper on Malware, Viruses, Trojans and Spyware

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Has your organization faced financial fallout from a ransomware attack?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close