We have seen a lot of numbers thrown out in our industry about the cost of a typical ransomware attacks. The amount is alarming and is increasing every year, making it more critical than ever to protect your organization. Let’s look at the actual amount, how to protect yourself, and the potential damage following an attack.
According to Coveware, a regulated company whose primary purpose is to pay ransoms for companies that have been attacked, the average ransom demand is $211,529. That number is already staggering, but that isn’t the total cost of a ransom attack – that is just what it will cost to regain access to your data. You will still have your other recovery expenses – fixing corrupted/missing data, legal fees (if client or partner data was compromised), PR, etc.
What Does a Ransomware Attack Cost?
How do cybercriminals come up with the ransom demand?
Cybercriminals dig through any and all available information, including your accounts payable! They look at your revenue and what clients you have, then go as far as threatening to steal your clients by telling them they hit you with a ransomware attack. Their tactics are strategic, trying to do the most damage possible to your business.
How to manage your ransomware risk
Cyber Insurance is your answer and is the key to controlling your recovery costs and your risk. Here are a few takeaways you need to keep in mind regarding coverage:
- Give yourself at least three months to purchase/renew your policy so you can properly work through your questionnaire.
- Implement the core security controls, failure to meet these requirements may lead to denied coverage or claims.
- Security Awareness Training
- Segregated Backups
- Vulnerability Scanning [internal and external]
- Create a yearly review process to ensure you have what you need.
Cyber Insurance is critical in today’s threat landscape, and the need for coverage has never been higher. Interested in learning more about cyber security and insurance? Check out our Cybersecurity Insights page to keep up-to-date on IT security for SMBs.