4 Reasons Why Ransomware Risk Won’t Stop Rising for SMBs

Does it seem like ransomware risk and associated costs never stop rising for businesses? That’s because they are rising by leaps and bounds every year. By 2031, a ransomware attack will strike a business every two seconds with an estimated annual cost of $265 billion in damage. This makes ransomware the fastest-growing type of cybercrime. Every business needs to be ready to handle a continuing onslaught of ransomware, and a look at these four factors that are contributing to that constantly growing risk can help ensure that IT professionals are making all the right moves to secure systems and data from this potential disaster.

A quick examination of the basic facts about the scope of the ransomware problem that businesses face today shows that the danger of a ransomware disaster is only growing worse for businesses as time goes on. Cybersecurity Ventures estimated the worldwide cost of ransomware at $20 billion in 2021. That number is expected to rise exponentially in the next ten years to an eye-popping $265 billion by 2031. The number of ransomware attacks businesses face won’t decrease if it continues to move at the same pace as it has in recent years. In 2020 and 2021, the number of ransomware assaults that organizations endured more than doubled, increasing by 92.7% year-over-year. Unfortunately, a large number of those assaults are expected to be successful. Analysts at Gartner say that ransomware will have infected 75% of all enterprises by 2025.

A data breach is never cheap, but a company that has a data breach as a result of a ransomware attack is looking at even bigger bills. The IBM Cost of a Data Breach 2022 report offers insight into the prevalence of ransomware-related data breaches, their growing price tag, and the damage they can do to a business. It’s probably not a surprise, but the cost of a data breach has reached a new high of $4.35 million this year. That’s a slight jump of 2.6% from the 2021 cost of $4.2 million per incident, which was at the time the highest ever recorded in the 17 years of the study. Many factors influence the cost of a data breach, and the presence of ransomware is one of them. The average price of a ransomware-related data breach did dip slightly, from $4.62 million in 2021 to $4.54 million in 2022. However, a ransomware-related breach is still more expensive than other data breaches: its average cost of $4.54 million is 19% higher than the average, not including any ransom paid.

A Major Increase in Email & Phishing Volume Sends Ransomware Risk Soaring

One reason for that difficulty is explosive growth in the most common attack vector for ransomware: phishing. Phishing is a never-ending scourge on businesses, hitting an all-time high in Q1 2022 when researchers recorded more than 1 million attacks in a single quarter for the first time. That’s 1 million potential cyberattacks that could be headed for businesses. The top data breach threat for three consecutive years, phishing is a plague on organizations. 80% of IT professionals saw a substantial increase in phishing attacks including those carrying ransomware in 2021. Consistently rising email volumes from remote work and shifts to more cloud-based operations for businesses give cybercriminals more chances to get phishing messages that carry ransomware into employee inboxes. Far too often, humans unwittingly help attackers gain a foothold in company networks or devices because they fall victim to the lure of a phishing email. An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email.

The most likely way for ransomware to enter a company’s environment is through the actions of an employee. Falling for a phishing message, downloading a dangerous attachment, clicking a malicious link – any of those employee mistakes is an expressway to an expensive, painful ransomware nightmare. But with security awareness training and phishing simulations, businesses can quickly and affordably reduce the chance of an employee making a security mistake like those. In fact, companies that engage in security awareness training have 70% fewer security incidents than companies that don’t.

Source: ID Agent
