Ransomware attacks are on the rise in a big way, and many small to midsize businesses are seriously unprepared to defend themselves. In 2020 alone, ransomware attacks rose by 50%, which is equal to an attack on businesses, devices, or persons every 10 seconds. The cost of these attacks is already daunting and it’s growing every day.
We can all remember the ransomware attack on Colonial Pipeline that cut off gasoline supplies and hiked up prices all over the country. The increase in gasoline prices could potentially be factored into the cost to every person in the US, not to mention any business that factors gas prices into any of their operations, but the ransom itself was enough of a huge hit at 4.4 million dollars. That ransom alone made it the largest attack on any US energy system.
Other major attacks were the ones on JBS and Acer. The JBS ransomware attack was the largest reported ransom payment at 11 million dollars, and the Acer ransomware attack was the largest ransom demand at 50 million dollars.
It may or may not come as a surprise that cyber crime is actually the third largest economy, ranking just below the US and China. From 2019 to 2025, the cost of damages due to cyber crime is expected to rise by 24 billion dollars. Ransomware is, of course, the most common method of attack and the cost of these attacks is rising astronomically as well. In 2015, damages due to ransomware cost a “mere” 24 million dollars, but as of 2020, it’s up to 170 billion dollars.
Twenty-twenty opened the door and invited cyber criminals to come get whatever they wanted when 70% of Americans began working from home. Remote work left IT departments in the dark regarding potential threats, and many employees are using their own devices that don’t have the extra security measures that company devices have in place.
Right now, 45% of all small to midsize businesses (SMB’s) say their security measures aren’t enough to protect them against ransomware attacks, and 66% of them have fallen prey to such attacks in the last year. Unfortunately, 60% of these businesses will fail within 6 months of a data breach. The cost is just too much to bear alone.
This is where cyber insurance comes in. Cyber insurance isn’t a fix-all solution. It doesn’t cover every aspect of a ransomware attack. Things like physical property, future loss of profits, and intellectual property are all left to the business to recover alone. However, cyber insurance does cover profit losses including reputation damage, liabilities including contract penalties and media fines, and lawsuits including class-action and regulatory investigations. Cyber insurance also pays 1 million dollars in damages.
Businesses need to weigh the cost and benefits of cyber insurance for themselves, but with SMB’s expected to put 5-20% of their budget into preventing cyber attacks by 2028, it’s nice to know that they have a cushion to fall on should their money and security efforts fail.