New Ransomware Study Reveals True Cost to Business

Cybereason, a leader in future-ready attack protection, released research findings from a global ransomware study of nearly 1,300 security professionals that reveals more than half of organizations have been the victim of a ransomware attack, and that 80% of businesses that chose to pay a ransom demand suffered a second ransomware attack, often at the hands of the same threat actor group.


Facebook Share Icon LinkedIn Share Icon Twitter Share Icon Share by EMail icon Print Icon

The report, titled Ransomware: The True Cost to Business, also divulged that of the organizations who opted to pay a ransom demand in order to regain access to their encrypted systems, 46% reported that some or all of the data was corrupted during the recovery process. These findings underscore why it does not pay to pay ransomware attackers, and that organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.

Key findings in the research include:

Featured Content

  • Loss of Business Revenue: 66% of organizations reported significant loss of revenue following a ransomware attack.
  • Ransom Demands Increasing: 35% of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7% paid ransoms exceeding $1.4 million.
  • Brand and Reputation Damage: 53% of organizations indicated that their brand and reputation were damaged as a result of a successful attack.
  • C-Level Talent Loss: 32% of organizations reported losing C-Level talent as a direct result of ransomware attacks
  • Employee Layoffs: 29% reported being forced to lay off employees due to financial pressures following a ransomware attack.
  • Business Closures: A startling 26% of organizations reported that a ransomware attack forced the business to close their business for some period of time.

Other key findings included in the full report reveal the extent to which losses to the business may be covered by cyber insurance, how prepared organizations are to address ransomware threats to the business with regard to adequate security policies and staffing, and more granular information on the impact of ransomware attacks by region, company size and industry vertical. In addition, the report provides actionable data on the types of security solutions organizations had in place prior to an attack, as well as which solutions were most often implemented by organizations after they experienced a ransomware attack.

“Ransomware attacks are a major concern for organizations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,” said CEO and Co-founder of Cybereason, Lior Div.

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”  


  • Behavioral Aspects of Compliance with Workplace Safety Measures

    Herbert William Heinrich, author of Industrial Accident Prevention, A Scientific Approach, devised a way of understanding the relationship between unsafe acts and workplace injuries.

  • Online Marketplaces Moving into B2B

    In business-to-business (B2B) sales and distribution, as in many parts of the economy, new technologies and new business models are shaking things up.

  • Virtual Work and the Workplace

    Three in five workers who have been working remotely during the pandemic say they would prefer to continue working at home after the pandemic. Fifty percent of workers believe they are as productive at home as they are at the office.