On average, it takes an organization 33 man hours to recover from a ransomware attack. That’s the benchmark identified by a survey of 500 IT security professionals conducted by the market research firm Vanson Bourne on behalf of SentinelOne, a provider of endpoint protection software.
Naturally, the actual amount of time can vary based on the number of people an organization might have available to throw at the process. But the report does give managed service providers (MSPs) some insight into what they need to be able to beat to make a case for taking over backup and recovery. Assuming each full-time employee is making roughly $20 an hour, it becomes apparent that on average most organizations are incurring costs well north of $6,000 to recover from a ransomware attack.
Hidden costs of ransomware
The survey respondents all work in organizations that have more than 1,000 employees, so it’s probable there is a sizeable internal IT organization being employed. While the real costs associated with using internal IT personnel to respond to a ransomware attack are high, there are other costs internal IT organizations also need to consider. Every hour a member of an IT organization spends recovering from a ransomware attack is one less hour that IT employee can spend doing something more worthwhile for the business.
None of those estimates, however, account for any lost productivity or the potential impact on customers. For example, hackers employed ransomware this past weekend to make it impossible for the Bay Area Rapid Transit (BART) serving the metropolitan San Francisco area to collect fares. But the survey results do provide MSPs with a sense of the financial pain being incurred by internal IT organizations.
A growing threat
Of course, those recovery estimates vary considerably by country. In the United Kingdom and the United States the estimates are 22 and 38 man hours, respectively. Survey respondents in France and Germany pegged that man-hour recovery estimate at 37 and 38 hours, respectively.
Just under half of the survey respondents (48 percent) suffered a ransomware attack in the past 12 months. Phishing attacks delivered via email or social media that trick end users into downloading encrypted malware were cited as the most common method of attack (81 percent), followed by drive-by downloads from malicious web sites (51 percent).
Survey respondents also revealed that on average their organization is experiencing six ransomware attacks a year, which suggests that once an organization becomes a target, the purveyors of those ransomware attacks keep coming back for more.
Getting serious about protection
The good news is that 67 percent of the respondents say their organization has increased spending on IT security in response to ransomware attacks. But just over a third (36 percent) of the security professionals surveyed admitted they feel generally helpless about being able to prevent these types of attacks.
The number of ransomware attacks launched in 2016 is already four times higher than any previous year, and there’s no reason to expect that number won’t be four or more times higher next year. That means most IT organizations either already are or soon will be experiencing a significant amount of financial pain caused by ransomware. Any conversation focused on reducing that pain is sure to get their attention — assuming, of course, everyone having that conversation is being honest about what their level of pain really is.