27 Feb Global Ransomware Damage Costs Predicted To Hit $11.5 Billion By 2019
Ransomware is expected to attack a business every 14 seconds by end of 2019
– Steve Morgan, Editor-in-Chief
Menlo Park, Calif. – Nov. 14, 2017
Ransomware — a malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction unless a ransom is paid — has reached epidemic proportions globally and is the “go-to method of attack” for cybercriminals.
A recent report from Cybersecurity Ventures predicts ransomware damages will cost the world $5 billion in 2017, up from $325 million in 2015 — a 15X increase in just two years.
The ransomware damage cost prediction has been corroborated by media outlets, academia, industry experts, numerous cybersecurity firms, and cybercrime fighters globally.
“Since September 2013 when CryptoLocker, the first weapons-grade ransomware strain appeared, this type of malware has metastasized into a multi-billion dollar criminal business model that is only in its early phases and will continue to increase in sophistication” says Stu Sjouwerman, founder and CEO at KnowBe4, a company that specializes in training employees on how to detect and respond to ransomware attacks.
Every 40 seconds a business falls victim to a ransomware attack, according to a recent story by the Forbes Technology Council. That statistic comes from a December 2016 security bulletin posted by the cybersecurity firm Kaspersky Lab, which stated that the number of attacks rose from every two minutes in early 2016.
Cybersecurity Ventures predicts there will be a ransomware attack on businesses every 14 seconds by the end of 2019. This does not include attacks on individuals, which occurs even more frequently than businesses.
Global damage costs in connection with ransomware attacks are predicted to reach $11.5 billion annually by 2019.
The big myth around ransomware damages is the costs are limited to ransom payouts. However, the percentage of businesses and individuals who are paying bitcoin to reclaim access to their data and systems in response to ransom demands — is declining (even if the total payout figures are rising due to the sheer volume of new attacks).
Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks. The estimations take attacks on businesses and individuals into consideration, and also include global ransom payouts.
CIOs, CISOs (Chief Information Security Officers), and IT security teams need to heighten their awareness and response plans around the ransomware threat. Cyber defense needs to cross boundaries so that every IT worker understands exactly what ransomware is, how it infects organizations, and how to combat it.
“Ransomware is a game changer in the world of cybercrime” says Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. “It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.”
“Ransomware uses social engineering as its main infection vector” says KnowBe4’s Sjouwerman.
Training employees how to recognize and defend against cyber attacks is the most under spent sector of the cybersecurity industry — and yet it holds out the greatest hope for combating ransomware attacks.
91% of cyberattacks begin with spear phishing email, which are commonly used to infect organizations with ransomware.
“Training employees on security will immediately bolster the cyber defenses at most companies,” says Lawrence Pingree, a research director at Gartner, because most data breaches are based on “exploiting common user knowledge gaps to social engineer them to install malware or give away their credentials.”
“Today, with ransomware being the number one worry of IT pros, it is a very high priority to create a human firewall and train employees with new-school security awareness training so that they recognize phishing attacks and stay on their toes with security top of mind“ adds Sjouwerman.
Educating the world’s online population of 3.8 billion people — which is projected to reach 6 billion people by 2022 — on how to spot and react to spear-phishing emails, is the next best thing to giving them ransomware vaccinations.
Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Ransomware is expected to worsen and make up a proportionately larger share of total cybercrime by 2021. Training employees is the big variable, and the potential big gainer in cutting down ransomware damage costs.
A report from Cybersecurity Ventures, due out in 2018, will provide ransomware damage cost predictions for the 5 year period from 2017 to 2021.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.