Almost every IT project must, at some point, run the financial justification gauntlet. Even initiatives with broad organizational support, like ransomware mitigation, aren’t immune. IT security projects can be tougher to justify because they don’t typically reduce costs or increase revenue. Asking for data security funding triggers skepticism in many CFOs.
If you want to smooth the way to data security nirvana, there are two questions you need to answer. How much risk are you avoiding? And how much should you spend?
At our customer’s request, Concentric recently surveyed the latest research into ransomware costs, such as downtime, forensics, and expected ransom payments. Big Bitcoin transfers make the headlines, but it turns out downtime is the biggest ransomware cost driver. Here’s what we learned.
Unfortunately, anecdotes and averages don’t say much about your specific situation. Larger companies face larger ransom demands. If you’ve hardened your systems, you’ve also lowered the odds of a successful attack. If you have an ace forensics expert on staff, you’ll reduce your recovery costs. And so on. Estimating your exposure to ransomware costs is not one-size-fits-all.
A manageable model groups ransomware costs into three buckets: direct ransom costs, downtime costs, and forensics/recovery costs. Your exposure to these costs is a function of five factors: company size, ransomware hardening, recovery preparedness, forensics expertise, and downtime cost rates. And while investments in data security won’t change two of these five factors (company size and downtime cost rates), they can have a dramatic effect on the other three. Here’s how.
Hardening against ransomware lowers the odds of a successful attack and reduces the amount of damage should one occur. A comprehensive hardening program would include, at a minimum, these activities:
Time is of the essence if you’re confronting an in-progress attack or demands for ransom. Your ability to recover can spell the difference between a relatively minor incident and expensive downtime. Here are some factors that enhance your own recovery preparedness:
If ransomware impacts your organization, it’s essential to understand what’s been compromised, how the attackers penetrated your systems, and how to eliminate vulnerabilities that made the attack possible. Many organizations can’t afford to staff skilled forensics professionals and are forced to rely on external resources when the need arises. These are the factors that will lead to lower costs for forensics analysis:
Once you’ve assessed your organization’s current readiness, you can make better estimates for the likelihood of a successful attack, downtime exposure, forensics costs, the potential for you to negotiate a lower ransom, and other factors that can help you make an accurate case to your financial team.
Concentric now has a spreadsheet-based ransomware cost model that combines your answers with current industry research to estimate the costs your organization might face. As with any model of this type, your best bet is to take our suggestions as starting points for your own situation.
If you’re interested in learning more, or getting access to our cost model, let us know and we’ll help you come up with your own research-based ransomware cost estimates. We look forward to working with you!