Global Ransomware Damage Costs Predicted To Exceed $8 Billion In 2018
Ransomware will attack a business every 14 seconds by the end of 2019
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Jun. 28, 2018
Based on its research, Cybersecurity Ventures estimates that ransomware damages will cost the world more than $8 billion in 2018.
Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.
The estimations from Cybersecurity Ventures take attacks on businesses and individuals into consideration, and also include global ransom payouts.
“Ransomware is the new normal; it’s here to stay and is growing in sophistication and frequency,” says Stu Sjouwerman, founder and CEO of KnowBe4, Inc., which hosts a widely popular integrated security awareness training and simulated phishing platform aimed at protecting organizations and employees from ransomware.
- SonicWall just reported a 300 percent year-over-year growth in ransomware, according to KnowBe4.
- Global damage costs in connection with ransomware attacks are predicted to reach $11.5 billion annually by 2019.
- A previous report from Cybersecurity Ventures predicted that ransomware damages would cost the world $5 billion in 2017, up from $325 million in 2015 – a 15X increase in just two years.
- Cybersecurity Ventures predicts there will be a ransomware attack on businesses every 14 seconds by the end of 2019, up from every 40 seconds in 2016. This does not include attacks on individuals, which occur even more frequently than attacks on businesses.
- Ransomware attacks on healthcare organizations are predicted to quadruple by 2020.
- 91% of cyberattacks begin with spear phishing emails, which are commonly used to infect organizations with ransomware.
“Bad guys choose to hack people if they can; they are the softest target and easily manipulated with social engineering,” says KnowBe4’s Sjouwerman. “Organizations need to protect their infrastructure with a new security layer: a human firewall.”
One of the most frequently asked questions about ransomware, after a business suffers a ransomware attack, is “should we pay the ransom?” This excerpt from the FBI’s 2017 Internet Crime Report provides sound advice to organizations of all sizes and types:
“The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”
The FBI’s report states that employee (security) awareness and training is a critical preventative measure when it comes to ransomware.
The ransomware epidemic is fueling a burgeoning market for security awareness training, simulated phishing, and related services.
Global spending on security awareness training for employees is predicted to reach $10 billion by 2027.
KnowBe4, one of the fastest growing cybersecurity companies globally, expects its billings to exceed $100 million in 2018, up from $64 million in 2017 and $24 million in 2016.
Cybersecurity Ventures maintains a list of ransomware news stories with additional facts, figures, and statistics on the topic.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.