Ransomware attacks against businesses are rising sharply—and they usually result in serious financial consequences, according to the results of a new Ponemon Institute survey.
The Ponemon Institute surveyed 618 IT professionals at small and midsize businesses and found that 51% of companies have already experienced a ransomware attack. Of those victims, a whopping 48% chose to pay an average ransom of $2,500 to get their business files back. And the fiscal concerns do not end there. Among the survey's key findings:
- 33% of victims were forced to invest in new security and backup technologies
- 32% of victims lost money due to system downtime resulting from the attacks
- 32% of victims lost customers and future revenue as a result of the attacks
There's also a huge opportunity cost. Ransomware victims spend an average of 42 hours dealing with each incident. That time could have been spent focusing on the company's core competencies and improving the bottom line.
Moreover, nearly half of survey respondents—49%—believe that one ransomware incident can make a company more vulnerable to future attacks. Why? Because once a cybercriminal believes a business will pay the ransom, that business gets a target on its back for life.
Additionally, ransomware can result in data being stolen and reputational risk. In fact, many businesses were so concerned about their reputation that they never reported the ransomware incidents to law enforcement.
The Ponemon Institute also found that by investing in a high-quality backup and recovery system with versioning capabilities, businesses can avoid financial and other consequences of ransomware altogether.
"Full and accurate backup is a critical ransomware defense," the report reads. "[Many] respondents did not pay the ransom because they had a full backup."