The rate at which data breaches are occurring is on the rise, this we know. But another corresponding rate on the rise is the dollar amounts that are being paid out in a ransomware attack. That number has risen by 104% for the fourth quarter of 2019. With an average of $84,000 being paid by victims in the last quarter of 2019, organizations are likely wishing for “the good old days” when they could get by with paying $41,198 just over a year ago. Of course, paying the ransom is not recommended by security experts.
What does that mean for your clients? Without cyber insurance, they will likely be in big trouble if they suffer a ransomware attack. Many organizations without cyber insurance will be unlikely to pay a ransom demand, or if they can afford to pay the demand, the other expenses like legal assistance and downtime will make it incredibly difficult to fully recover. The damage to their bank accounts is bad enough, but the damage to their reputation can be irreparable.
As their MSP, you should be informing them about the increase in these rates (all of them!) and making them aware of how to work to prevent the breach, but then be prepared if it does happen.
A New Kind of Dynasty
The families of Ryuk and Sodinokibi ransomware are responsible for the rise in ransom payment amounts, as they’ve shifted their focus into the larger businesses that can afford to pay when extorted. That doesn’t mean the smaller businesses and individuals should feel less threatened. They are still the focus of other cybercrime “families” like Snatch, Netwalker, and Dharma. While the ransom amounts may be less than $2000 on average, the expenses of suffering a ransomware attack extend far beyond paying the demand.
How to Recover
With downtime averages increasing as well, the losses are adding up quickly. A larger company being taken down usually means a larger problem to remedy. These complex networks can have such invasive damage, the recovery pressure is amplified as everyone watches and waits to see how and if recovery is possible, adding additional pressure and attention on the business. If your clients are in healthcare, the potential loss of life magnifies this even further.
As an MSP you need to educate yourself and your clients on the likelihood of a breach, the reality of the damage that will incur, and the necessity to have a strong action plan in place, including cyber insurance. Educating your clients on ransomware specifically, and providing tips on how to avoid it will also go a long way.
Not offering cyber insurance to your clients? Learn about Breach Secure Now’s flexible cyber insurance options!