Technology / Ransomware attacks can cost small businesses up to £75,000, survey finds

Ransomware attacks can cost small businesses up to £75,000, survey finds

A single crypto-ransomware attack can cost small businesses as much as $99,000 (£74,600), according to a new report.

A survey by Kaspersky Lab and B2B International found the average ransom demanded in the attacks is $300 (£225), but other losses can push the overall cost up.

While 34 per cent of entrepreneurs admitted paying cyber criminals, 67 per cent of representatives from small- and medium-sized businesses said their organisations have suffered the partial or complete loss of their data due to crypto-malware.

In 2015 and early 2016, the number of ransomware attacks on businesses increased sixfold compared to the same period between 2014 and 2015.

“The amount of related damage is, to a large extent, affected by shortcomings in the preventive work of the IT staff,” Kaspersky Lab said in its report.

It said poorly administered systems, outdated or missing backups, unreliable passwords and irregularly updated software all contributed to the risk.

49 per cent of small businesses surveyed said crypto-malware was one of the most serious threats their organisations faced, ranking alongside malware, Trojans and viruses and phishing and social engineering in the top three threats to SMEs.

In fact, 20 per cent of companies around the world admitted to suffering IT security incidents as a result of a crypto-malware attack, the figures showed.

47 per cent of small businesses said it took them several days to restore access to the encrypted data, while 25 per cent said it could take several weeks.

“For many small and medium businesses, the lack of resources and internal expertise in the field of information security is one of the most serious problems,” the report said.

“According to the survey, over 44 per cent of entrepreneurs admitted their knowledge about IT threats left much to be desired. About 43 per cent of respondents stated they needed more effective protection, while more than half of the organisations surveyed reported the need for experts not only in IT but in information security.”

For more from the report, see the Kaspersky Lab website.

Photo © Santeri Viinamaki (CC BY-SA 2.0). Cropped.