The FBI estimated in 2016 that ransomware would be a $1 billion a year crime.
Taking that worrying figure into account, security firm Imperva have announced the results of a survey of security professionals taken at the recent RSA Conference, exploring their experiences with ransomware.
Thirty-two percent of respondents said their company had been infected with ransomware with 11 percent taking longer than a week to regain access to their systems after an attack.
“Whether companies choose to pay the extortion or not, the real cost of ransomware is downtime and lost productivity,” said Terry Ray, chief product strategist at Imperva. “Even if victims have backup files or are willing to pay the ransom, the cost associated with productivity downtime adds up quickly. What’s more, the availability of ransomware-as-a-service, combined with high profits for the attackers, means ransomware attacks are likely to escalate in 2017,” he added.
To pay or not to pay?
More than half (59 percent) of those surveyed said that the cost of downtime due to lack of access to systems for customers and employees was the biggest business impact of a ransomware attack. Twenty-nine percent said that if their company suffered a ransomware attack which resulted in downtime, they would be losing between $5,000 and $20,000 a day. Twenty-seven percent thought that the amount could be over $20,000 a day.
“The interesting thing about ransomware is how simple it is to execute and how easy it is to inflict damage.” continues Ray. “Organisations tend to think of hacking as though it was rocket science which always puts them on the losing end. The reality is that hacking is most often simple, and mitigating it requires proper attention and tools which do exist and are within reach of most enterprises. Hacking is a serious business and enterprises should, therefore, treat information security seriously,” Ray concluded.