Existential Cash Flow Crisis of Ransomware
Ransomware has evolved into a model known as Double Extortion. Before encrypting your data and holding it ransom, the criminals copy the data off your computers to their own, where they keep it as a hostage. If you choose to not pay the ransom they will expose the hostage copy of your data publicly on the internet. They use reputation risk and confidentiality requirements (either regulation or contractual) as a way to force the payment. Further, while they have a copy of your data, they are able to read your financials and insurance contracts so that they can set the maximum ransom. While there is a negotiation to determine the ransom, it is very one-sided.
In 2020, Verizon’s Data Breach Investigations Report found that the Median Loss for a Ransomware attack - before the transition to the Double Extortion method - was $11,150, source. We expect this number to go up the next time it’s reported.
Microsoft’s Digital Defense Report published October 2021 show the Ransomware encounter rate doubled between 2018 and 2021, source. This trend is also expected to continue going up.
The risk is real, the criminals are motivated and past successes for them means they have funding for more advanced attacks in the future.
The cash flow implications of a successful ransomware attack are significant - with crippled systems income will plummet. New orders won’t be getting entered and existing orders won’t be getting filled. At the same time the expenses will be escalating - the non-IT staff will be idle, external resources are likely required to supplement the IT staff in recovery, and the cost of the ransom, plus potential future losses due to reputation or customers going elsewhere. May all add up to a long cash flow crisis.
Has your C-Suite/Board been briefed on the potential cash flow risks from ransomware?
Where is your C-Suite’s/Board’s level of engagement with ransomware risk?
- Unaware
- Aware but unconcerned
- Aware and concerned
- Budget allocated to projects to mitigate risk
- Ransomware risk is a priority item
Might be time to review the sources listed above and run these concerns up the chain…