RANSOMWARE ATTACK
• Time is an issue. How much is the
downtime going to cost you? How long
will it take to transfer funds to pay off the
attackers, especially if they are requesting
it in Bitcoin (a very likely event).
• How will the attack affect the reputation
of your company? This is a big one, and
it’s also the one that is hardest to define
in terms of hard monetary value.
• The potential cost of regulatory fees or
penalties to your company as a result of
the theft.
The True Cost Of A
Ransomware Attack
W
ith more and more of
the world becoming
connected and utilizing
both cloud services and
software-as-a-service
to run their businesses, cyber theft and
ransomware is becoming a bigger and
bigger threat. While cybercrime is a
term most people know and understand,
ransomware is becoming an emergent
threat. Typically defined as a type of
software which is designed to block access
to a computer system until a sum is paid,
ransomware is a type of attack that is not
only malicious but its damage is often
difficult to fully assess until the attack is
already over.
Imagine this: you run a small- or mid-
sized service business which uses a
database of customers and their associated
information in order to process invoices,
print estimates, and handle scheduling.
What if you suddenly lost access to it?
Worse, what if you saw a message on the
28
computer threatening to delete it unless
you were to pay a huge sum to someone
who did have access to it? What would
you do? Most businesses, unfortunately,
would be at a loss. It’s something that is
somewhat unthinkable until it is too late to
do anything about it.
When considering the costs of an attack
like this, most companies are going to
think about two different numbers: the
amount of the ransom demand and the
amount that it would cost to recover the
data if it is lost forever. Unfortunately, there
are many more factors that come into play,
especially if you look at some organizations
who have had to deal with this issue in the
past:
Then there is the demand itself. You have
to keep in mind that even if you and your
company were to pay whatever ransom
is being asked for, there is no guarantee
you are going to regain access to your data.
It’s not as if you entered into a contract
with the criminals. They could turn right
around and ask for a larger sum, or worse,
take your money and delete or sell all of
your data (the sale of which could lead to
even bigger problems for you if customer
information is what has been stolen).
The fact of the matter is, these threats
are out there. You can either be proactive
in dealing with them or you can wait for
them to happen and pray that things don’t
go south during the negotiation. It’s better
to be safe than sorry, and we at Sterling
Insurance Group know that. Let us help you
prepare before something like this happens
to your company. Contact me at 586-685-
0125 or email bhorrocks@sterlingagency.
com for more information.
BY: BRANDON HORROCKS
STERLING INSURANCE
Brandon Horrocks joined Sterling Insurance Group in 2013 and brought with him 20 years
of knowledge and experience in the Commercial & Benefits arenas. Brandon is a Accredited
Cyber Risk Advisor (ACRA) who makes your business his business and is well versed in helping
his clients reduce their risk and liability during the Merger & Acquisition process. Contact
Brandon at bhorrocks@sterlingagency.com or (586) 685-0125.