Why Ransomware Costs Need to be Prioritized in Your 2023 Budget
By Anurag Lal, CEO and President of NetSfere
No one expects a hostage takeover, ever. Businesses never think a ransomware attack could happen to them, and yet it very well can at any moment. These attacks have been steadily increasing over the last few years, with a 16% increase from 2018 to 2022. In fact, 2022 saw over 70% of businesses experience a ransomware attack.
As enterprise leaders look ahead to Q1 and 2023 financial planning, IT officers and cybersecurity staff need to stress the importance of allocating for ransomware costs in the annual budget. A study by ThoughtLab saw cybersecurity budgets grow 51%, from 0.53% to 0.80%, from 2020 to 2021. This is likely due to the increased risk associated with remote work environments and the vulnerability that comes with them.
One of the biggest ransomware attacks in recent memory is the May 2021 Colonial Pipeline Company fiasco. Colonial Pipeline holds almost half of the East Coast’s fuel, and after a major hack takeover the company is said to have paid nearly $5 million in ransom to the DarkSide ransomware hackers to get a decryption key.
Even with the potential to face mountainous fines such as these, ThoughtLab’s report shows 40% of chief information security officers (CISOs) say their organizations are unprepared for a rapidly changing threat landscape. Another study said there is a 20% chance of paying more than $5 million and a 5% chance that the impact would be greater than $50 million.
Further research shows that the enterprises most at risk for these attacks, aside from personal home computers, are healthcare services or other providers. This is because they carry the most attractive, sought-after data and information for hackers.
When considering the new year’s budget, CISOs can suggest allocating expenses for updated software protection services, full encryption and zero-trust security policies, and ask to set aside extra funds as a safety net in the event of a ransomware attack. Even investing in ransomware insurance is an option. How much a company is willing to spend on ransomware protection and mitigation is likely to be a hefty conversation with the Board.
Most hackers request that ransom be paid through cryptocurrency services; 98% of 2019 ransomware payments were paid through Bitcoin. The thieves request this kind of payment because cryptocurrency offers them anonymity and ease.
How greatly a ransomware attack impacts a business comes down to how prepared that business is for an attack. Investing in the right protections at the beginning of the year can turn an attack from an emergency to an inconvenience. Ultimately, finding room for proactive solutions against ransomware attacks can potentially save a company millions of dollars in the long run. By safeguarding the company’s confidential and valuable information, CISOs are lessening the chance for hackers to get in and building trust across the board.
About the Author
Anurag Lal is the President & CEO of Infinite Convergence Solutions and NetSfere. With more than 25 years of leadership and operating experience in technology, mobile, SaaS, cloud and telecom services, Anurag leads a talented team of innovators who are transforming everyday messaging technology into secure, highly scalable communication platforms that can be leveraged across a variety of markets and segments. Appointed by the Obama administration, Anurag also previously served as a Director of the U.S. National Broadband Task Force (part of the Federal Communications Commission). A frequent contributor on wireless connectivity, broadband and related security issues, Anurag has received various industry accolades, including recognition by the Wireless Broadband Industry Alliance in the U.K. for exceptional individual contributions to the wireless broadband industry.
Anurag Lal can be reached on LinkedIn at https://www.linkedin.com/in/anuragl. For more information about NetSfere, please visit https://www.netsfere.com/.