There has been a significant increase in ransomware attacks in Australia in the past year, with a survey indicating that the majority of Australian businesses have been targeted.
Around the world, the cost to business is staggering, and cyber criminals can make huge gains off the back of a minuscule investment. These are the numbers you need to know in order to act now.
1. Two-thirds: the proportion of Australian businesses that have reported a ransomware attack
2020’s annual survey from CrowdStrike shines an alarming spotlight on the prevalence of ransomware, with 2 in 3 Australian organisations suffering a ransomware attack. Unfortunately, Australia has lacked good data on the number of attacks, in part because of the murky legal nature of paying cyber criminals. Insurers are, however, increasing their premiums and lowering limits in response to this growth, while the Australian government is proposing mandatory ransomware reporting and making directors personally liable for cyber attacks.
2. US$136,576: The mean amount paid in ransomware payments in Q2 2021
The good news is that the average amount businesses pay to lift ransomware restrictions is falling. The bad news is that the falling payment price likely reflects the large number of ‘competitors’ in the ransomware market, diluting the impact of the larger players. The median payment in Q2 was US$47,008, down nearly 40% from Q1. Despite this, the average downtime caused by a ransomware attack was 23 days – long enough to have a much bigger impact on the company’s bottom line and, often more importantly, its reputation.
3. $66: the tiny cost to criminals of ransomware tools
The market for ransomware is huge, and we have seen the emergence of ransomware-as-a-service as well as DIY tools for cyber criminals on sale for as little as $66, using stolen or brute-forced credentials that can cost just $20.
Last week we focused on the three key numbers you need to know about the causes and costs of cyber security breaches, which you can read more about here.
All businesses regardless of size or industry should be focused on cyber security. It is a business risk, not an IT problem, and it’s important to have preventative measures in place and an incident management plan ready to follow in the unfortunate circumstance that a breach happens.