Rubrik, a leading data center backup and recovery provider, recently released a report analyzing the best approaches to managing the financial cost of ransomware. It contends that one reason the financial cost of operational disruptions is so high is that most of the focus and resources are placed on prevention rather than recovery. The report claims that a ‘belt and braces’ approach—one that ensures back-ups cannot also be easily compromised when core IT infrastructure is impacted—helps limit data loss and operational damage. Yet in 23% of cases, backup data was affected prior to the ransomware attack being identified. 30% of those who had experienced a ransomware attack said that it took days to recover.
It is increasingly recognized that operational disruptions are far more costly than any other form of cyber breach. According to Cyberhedge data, on average companies experience a 20% reduction in operating margins post-breach. But as Rubrik (and its business model) makes clear, not all ransomware attacks are created equal. The report rightly calls attention to the significant financial difference between swift detection and remediation and protracted detection and remediation.
The June ransomware attack impacting Honda disrupted global operations for more than one day before systems started to come back online. Despite the relatively swift response from the company, we estimated the company would see a 13-19% incremental decline in operating margins due to increasing security-response costs and technology expenses related to fixing supply-chain disruptions. That is still a significant impact for a company already under immense financial pressure amid COVID‑19. By contrast, Travelex’s systems were down for over two weeks in January following its ransomware attack. It swiftly lost 28% of operating income, and the event helped push parent company Finablr toward bankruptcy.
Many companies are disadvantaged for two reasons:
- ~74% of attacks are undetected (Mandiant/FireEye)
- 23% of companies have back-up data affected prior to detection
This means that a significant percentage of companies actually impacted by ransomware attacks are not likely to achieve optimal remediation, including having secure back-ups in place that enable a company to recover systems promptly and minimize the operational disruption.
Companies with strong cyber governance are less likely to experience a ransomware attack in the first place. But if an attack does occur, better-performing companies are in a stronger position to limit the financial damage incurred, in part because they usually have stronger systems and processes in place that are the foundation of response and remediation. This is reflected in Rubrik’s recommendation for a ransomware response and recovery plan and supporting playbook.