Security

Ransomware no. 1 cyberthreat to SMBs, and the average attack costs $47K

More than 55% of MSPs said their clients experienced a ransomware attack in the first six months of 2018, according to a Datto report.

Ransomware continues to dominate the cyberthreat landscape for small- and medium-sized businesses (SMBs), according to a Tuesday report from Datto. Ransomware was the no. 1 cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.

The report surveyed 2,400 managed service providers (MSPs) that provide IT support for half a million SMBs globally. It found that ransomware attacks occur frequently, and are expected to increase. More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times in the same day. Some 92% of MSPs said they predict the number of attacks will continue at current or increased rates, the report found.

The revenue lost due to downtime from these attacks can cripple a small business, the report found. The average attack is 10x more costly for the business than the ransom itself, according to the report;attacks cost SMBs an average of $46,800, while the ransom requested averages $4,300 per attack.

SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)

Even antivirus solutions are not effective for preventing ransomware attacks, the report found: 85% of those surveyed reported that ransomware victims had antivirus software installed, 65% said victims had email/spam filters installed, and 29% said victims had pop-up blockers, which failed to stop the attacks.

Using Apple operating systems is also no guarantee of safety, the report found. The number of MSPs who reported ransomware attacks on macOS and iOS platforms increased 5x in the past year.

"The number one threat for small business CEOs is thinking they are immune to ransomware attacks," Michael Drake, CEO of the MSP masterIT, said in a press release. "They think they don't have anything the hackers want, so it's not worth the price to protect themselves. When something happens, they're shocked by the cost to get everything back up and running. It's mind-blowing."

While these numbers are alarming, they likely don't paint a complete picture, as most businesses do not report attacks, the report found. Less than one in four ransomware attacks were reported to authorities, according to the report.

To better protect the business, SMBs should work with MSPs and other partners to create a ransomware response plan that includes detection, communication, cause assessment, recovery, and prevention, the report recommended. Ongoing employee training is also a key defense, as many ransomware breaches are successful due to phishing attacks, malicious websites, web ads, and clickbait directed at small businesses.

"It's time to think differently—businesses large and small, should plan for a ransomware attack. That way they are equipped to respond when it happens," Ryan Weeks, CISO at Datto, said in the release. "There are immediate steps that companies can and should take to increase IT resilience and prevent against future attacks. Integral to those steps include end-user training, endpoint protection, and an intelligent backup."

The big takeaways for tech leaders:

  • Ransomware was the no. 1 cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware. — Datto, 2018
  • More than 55% of SMBs experienced a ransomware attack in the first six months of 2018, and 35% were attacked multiple times in the same day. — Datto, 2018

Also see

istock-684726904.jpg
Image: iStockphoto/vchal

About Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox