Ransomeware has been on the rise, with spectacular growth from 2018 to 2020. Its spread has been helped by the availability of ransomware software that turns almost anyone into a ransomware cyber thief.
Purplesec, a cybersecurity firm based in Vienna, Virginia, recently released a report on ransomware titled '2021 Ransomware Statistics, Data, & Trends'. The report found that time spent recovering from a ransomware attack cost firms more than the actual amount paid to recover their data.
Since 2018, ransomware attacks have shot up by 350%, according to the report. The average demand amount in 2018 was $4,300. In 2020, that increased to over $8,000. As a result, global financial costs due to ransomware increased from $8 billion in 2018 to $20 billion in 2020.
As mentioned earlier, downtime is the highest cost of a ransomware incident. In 2020, downtime-related costs were 23 times more than in 2019. The average downtime loss in 2020 was $283,000. That's up from only $47,000 in 2018, a more than 6X increase in just two years.
Cyberattacks, including ransomware, might seem like a big business problem. Why would attackers waste time on small businesses? Small businesses are not immune to cyber attacks, as they accounted for 43% of all attacks, according to Purplesec. Sadly, 60% of small businesses that are attacked fail within six months.
Cybercriminals can nickel and dime their way to millions. However, the amount demanded is small enough that most small businesses will pay it.
The most vulnerable 10 industries include:
- Government (15.4%)
- Manufacturing (13.9%)
- Construction (13.2%)
- Utilities (11.1%)
- Professional services (10.4%)
- Retail (7.5%)
- Real estate (7.1%)
- Hospitality (6.1%)
- Healthcare (5.7%)
- Education (5%)
A lot of ransomware attacks originate from employees unknowingly engaging with ransomware emails. Clicking a link in a suspicious or unknown sender email usually triggers the ransomware event. Even for small businesses that don't have the resources to spend on cybersecurity software, better education of employees can drastically cut down on ransomware attacks.