When hackers successfully encrypt the computers of a large public company, the media pays attention.   In 2016, around $1 billion in ransomware payments were paid, over four times as much as was paid the year before. It’s likely that 2017 will see an even higher number.  There is no doubt that ransomware demands will continue to increase. While the ransoms demanded by hackers are often fairly minimal, the monetary amounts do vary on a case by case basis.  The victims need to give very careful consideration to whether to pay the ransom.  In most cases, it is advisable to resist paying the ransom if at all possible. First, there is no guarantee that paying the ransom will result in the receipt of a decryption key to unlock your system. Even if a decryption key is provided, companies that pay the ransom have effectively advertised to the world that they are an easy target, thereby encouraging hackers to breach them again.

The Real Costs of Ransomware

The ransoms paid are just a small part of the story. Only around one in four businesses ever pay the ransom. The rest deal with the encryption of the businesses themselves. The real story, then, is the cost of the downtime that arises when a business cannot operate its equipment and access its files. This can cause significant losses for both you and your clients. Thankfully, many cyber insurers now offer business income coverage to indemnify their insureds for losses incurred as a result of being closed.

Research shows that ransomware, on average, causes downtime that lasts 21.4 hours. For a full day,  laptops, desktops and other computers cannot be used. This means users can’t communicate with key clients or access the databases that they need. A recent survey indicated that just two downtime incidents a year would cost a 500 person organization nearly $220,000.

Protecting Your Data and Your Company

Good security practices are key to protecting against ransomware. Businesses should make sure that all of their software applications are up to date with all patches installed. Use of antiviral and antispyware software will help to detect new threats, particularly when those tools are updated on a regular basis.  Businesses should also ensure that all personnel understand best practices that can protect against costly spyware. Keep important data backed up to prevent loss.

Even with these measures in place, ransomware attacks can and will still occur. This is why businesses should purchase a cybersecurity policy that keeps them protected. If important/sensitive data is lost, businesses will have the coverage to ensure first and third party coverage. As hackers get more sophisticated, defenses against them must become more robust.. Sound cyber security practices and a tailored cyber insurance policy will keep costs down and prevents a ransomware attack from slowing down a business.