Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime that occurs during the incident, the post-breach costs can be significant. These costs can include everything from the time and resources it takes to detect how the compromise occurred and remediate the actual threat to notifying customers of the exposure, paying any regulation fines and a reduction in business due to system downtime, customer churn and increased cost of acquiring new customers.

IBM recently published the findings from its 2021 Cost of a Data Breach Report. This year’s report found that ransomware attacks were more expensive than average breaches, costing on average $4.62 million, excluding the cost of paying the ransom. The percentage of companies where ransomware was a factor in the breach was 7.8 percent.

Why Is Ransomware So Costly?

Ransomware doesn’t exist as a solo type of attack, which only exacerbates the cost. It can stem from phishing or social engineering attempts that seek to steal identity and authentication information. According to the Cost of a Data Breach Report, 20 percent of all breaches studied were caused by compromised credentials — the most common attack vector.

Now, not only are your records held captive, you’ve also got an attacker loose in your internal systems using legitimate credentials. Investigating attacks of this nature can be extremely time consuming. Breaches from compromised credentials took an average of 250 days to identify and 91 days to contain, for a total of 341 days, the longest data breach lifecycle based on initial attack vector. The report found that data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days — adding more to your costs.

Finally, your data (or your customer’s data) has been exposed. This is tricky to calculate but the report does highlight that loss of business represented 38 percent of the overall average cost of the breach — or about $1.59 million.

Download the Report

Limiting Damage with Zero Trust

It’s not realistic to think that you can prevent a ransomware attack, but it is possible to limit the size and scope of the damage. Consider that in this year’s report, zero trust was identified as a way to reduce the average cost of a data breach. In fact, the report found that the average cost of a data breach was $1.76 million less for those companies that had a mature zero trust approach deployed, compared to those without a zero trust approach.

At the same time, findings from the report showed that nearly 43 percent of respondents said they have no plans to implement zero trust. Come again?

Why is this number so high when the benefits are so apparent? This really speaks to the challenge of implementing this type of approach. Zero trust is a different way of thinking about your security tools and information. It requires sharing data across teams that may have competing goals or budgets. But it doesn’t have to be so hard.

Putting zero trust into action as a modern approach to security gives your business the confidence and the flexibility to grow and adapt as it needs to, without worrying about security. Limiting damage from breaches is a good place to start. And, in the end, it seems that costs for ransomware are relative — you can pay now to limit damage or pay more in the long run.

Where Do You Start with Zero Trust?

Knowing your business goals and the cyber threats that put those goals in jeopardy is essential to the success of any security program. In our next blog, we’ll be discussing the importance of security risk quantification as a way to measure the impact of a breach. Knowing these costs shines a light into what’s important to your business and provides a clear picture of your cost versus risk, which can help justify starting or advancing your zero trust approach.

more from Malware

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure and functionality. Thus, IBM Security…

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat group ITG23 (aka the Trickbot/Conti…