The cybersecurity world faces numerous threats, including ransomware. Experts have long known that ransomware is a significant issue, but recent figures put the extent of the issue in perspective.
Specifically, experts predict that by 2031, ransomware will cost businesses over $265 billion worldwide.
The Ransomware Prediction
The prediction comes from Cybersecurity Ventures. Their estimate of $265 billion by 2031 is based on the assumption that consumers and enterprises face one attack every two seconds.
For reference, they predict that 2021 will see a total ransomware cost of $20 billion. To put the rapid growth of ransomware in perspective as well, consider that this current figure represents an increase of 57 times since 2015.
Cybersecurity Ventures found a year-over-year increase in cybersecurity incidents of 30%. The $265 billion estimate for 2031 accounts for this.
Other Relevant Figures
Data from the FBI’s Internet Crime Complaint Center showed that just in 2020, the organization received 2,474 formal complaints regarding ransomware. The center estimated 2020’s ransomware losses as being $29.1 million.
Importantly, this figure only accounts for ransomware payouts. It does not account for other related costs.
Additionally, experts agree that these figures are likely lower than the reality. As Roger Grimes recently mentioned in Cybercrime Magazine, that figure only includes businesses that “cared enough to report it.” Businesses would see no real benefits from reporting the ransomware attacks, which likely causes vast underreporting.
He expects that it is really larger by multiple orders of magnitude.
A recent study found that 61% of companies reported having a ransomware attack in 2020. The average downtime was six days.
Another study had a much lower figure, just 37%, compared to 51% the previous year. Despite the drop in percentages, the financial impact increased. Specifically, it went from $761,106 to $1.85 million, according to the study.
That last study concluded that cybercriminals are increasingly targeting businesses that represent larger rewards.
An Example from Kaseya: How One Attack Can Affect Hundreds of Companies
Another important piece of data regarding ransomware attacks comes from Kaseya. The company faced a ransomware attack during the summer. Experts estimate that although this attack focused on the US IT firm, it affected 800 to 1,500 businesses globally.
This figure may not be comprehensive either, as most companies affected were customers of customers.
The Trend Toward More Complicated Attacks
Historically, ransomware attacks have been single incidents where cybercriminals lock a network or computer until someone pays.
However, this is changing. Now, “double extortion” attacks are becoming more common. In addition to encrypting or locking data, cybercriminals also exfiltrate it to criminals. Then, those criminals who pay for the data blackmail the victims, saying they will share the data unless they pay.
One estimate indicates that the last quarter saw a 20% increase in data exfiltration, making this a significant concern. It also found that 70% of the reported ransomware attacks now involve blackmail or threats of leaking that exfiltrated data.
It is important for all businesses to take this ransomware threat seriously and protect their company data.
Are you a professional searching for an infrastructure, cybersecurity, or InfoSec opportunity?
We create mutually beneficial partnerships that provide solutions for both candidates and clients. Contact us to discuss your career path or browse our open positions.–