Global ransomware damage costs. PHOTO: Cybercrime Magazine.

Global Ransomware Damage Costs Predicted To Exceed $8 Billion In 2018

Ransomware will attack a business every 14 seconds by the end of 2019

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Jun. 28, 2018

Based on its research, Cybersecurity Ventures estimates that ransomware damages will cost the world more than $8 billion in 2018.

Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

The estimations from Cybersecurity Ventures take attacks on businesses and individuals into consideration, and also include global ransom payouts.

“Ransomware is the new normal; it’s here to stay and is growing in sophistication and frequency,” says Stu Sjouwerman, founder and CEO of KnowBe4, Inc., which hosts a widely popular integrated security awareness training and simulated phishing platform aimed at protecting organizations and employees from ransomware.


“Bad guys choose to hack people if they can; they are the softest target and easily manipulated with social engineering,” says KnowBe4’s Sjouwerman. “Organizations need to protect their infrastructure with a new security layer: a human firewall.”


One of the most frequently asked questions about ransomware, after a business suffers a ransomware attack, is “should we pay the ransom?” This excerpt from the FBI’s 2017 Internet Crime Report provides sound advice to organizations of all sizes and types:

“The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

The FBI’s report states that employee (security) awareness and training is a critical preventative measure when it comes to ransomware.


The ransomware epidemic is fueling a burgeoning market for security awareness training, simulated phishing, and related services.

Global spending on security awareness training for employees is predicted to reach $10 billion by 2027.

KnowBe4, one of the fastest growing cybersecurity companies globally, expects its billings to exceed $100 million in 2018, up from $64 million in 2017, and $24 million in 2016.

Cybersecurity Ventures maintains a list of ransomware news stories with additional facts, figures, and statistics on the topic.

– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
