Ransomware Attacks: Calculating the Cost of Downtime

Jason Reid Blogs

Ransomware attacks put businesses at operational, financial, and reputational risk. But what about the recovery window? All businesses need to calculate the cost of downtime.

Ransomware attacks are one of the main cyber-threats facing businesses in 2016. They are utilised more than ever before by cybercriminals looking to extort money from affected organisations, whose operations suffer when key data becomes encrypted. Amongst IT managers there is a lot of focus on the recovery of encrypted files, and rightly so, but what about the cost of downtime? Whether you recover from an attack in minutes, hours, or days has a significant cost impact on your business.

In this blog post we will explain the financial repercussions of ransomware recovery, and help you to calculate the cost of downtime.

The Actual Cost of Downtime

According to research carried out in early 2016, IT downtime costs North American businesses $700 billion annually. A significant percentage of this figure results from productivity loss. This may not be a cost that you can easily track in company accounts, but – as we’ll explain in the following section – it is something that you should take time to understand and appreciate.

Downtime is something that the vast majority of businesses experience. Recent surveys have shown that 91% of data centre managers have experienced an outage in the past two years, with 47% experiencing downtime in the past 12 months.

We should all take downtime seriously. This means that businesses should take tangible steps to reduce downtime where possible. But how can you justify this to decision makers in the business? By demonstrating the cost of downtime, you can make a compelling argument for enhancing disaster recovery provisions.

Calculating the Cost of Downtime

What is the true cost of downtime? If your business is affected by a ransomware attack, you have two choices: pay the ransom, or recover the files to a pre-encrypted state. Nobody wants to pay a ransom to cybercriminals, but this may be the most economical means of recovery if your disaster recovery provisions don’t allow for rapid recovery.

In the chart above there are three areas that are measured: cost to fix, revenue loss, and productivity loss. We’ll run through these one at a time.

Cost to Fix

When your business suffers downtime, the cost to fix is totally dependent on the provisions that you have in place to support recovery. If you have outdated disaster recovery provisions that are unable to adequately deal with a ransomware attack, you may need to fly in specialist firms and individuals to do their best to recover your data. This will, of course, come at a premium. If, on the other hand, you have appropriate disaster recovery provisions in place that have been tested and are known to support the rapid recovery of systems and data, your cost to fix will be significantly lower.

Revenue Loss

How important is system uptime to your business’s revenues? For some more ‘traditional’ businesses, an IT outage may not be too damaging. But for many modern businesses, especially those that carry out sales and marketing online, downtime can result in significant losses in revenue. Consider the systems that your business relies on to bring in revenue, and calculate how much revenue the systems account for.

As an example, transactions on your website may account for £12,000 of revenue a day. If your website is unavailable for three hours, this will mean around £1,500 of lost revenue – more if the website is down during peak hours.

Productivity Loss

Of all the factors that need to be considered with the cost of downtime, productivity loss is perhaps the most significant. Having employees unable to work is financially damaging to any business, and the longer they remain unproductive, the more costly it becomes.

Consider an outage at a 50-person office that lasts one business day. If the average annual salary in the office is £30,000, one day of downtime will cost the business over £11,400, factoring in a drop in efficiency of 50% for 2 days.

With ransomware infections, you should consider the impact both of downtime and of the need to roll back for an extended period. Recovery from a ransomware infection requires either identification of the time of infection or, more commonly, the recovery and testing of multiple restore points until a clean environment is confirmed.

Let’s say that a ransomware infection impacts a finance system, affecting a team of five users. For our example, the average salary of each staff member is £35,000 per year. It would not be uncommon for the recovery window of such an infection to cause three days of downtime, during which systems are rebuilt and tested, until at last a clean recovery point is found from a week ago.

For the next two weeks, the finance department not only has to recover from three days of outage, but has also lost the previous week’s work. The efficiency of the team is impacted: the department needs to continue to process the normal day-to-day transactions, and must also spend a considerable amount of that time identifying and reproducing the lost work. The total cost to the business is £6,700 for an outage of three days that affects only five members of staff!
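The calculations in the sections above can be put into one small model. This is an added example, not the author's own working: the 260 working days per year, the 8-hour day, the field names and the fast-recovery comparison are assumptions, and because the post does not state its day count or the efficiency drop for the finance team, the totals will not match its figures exactly.

```python
from dataclasses import dataclass

WORKING_DAYS = 260  # assumption: the post does not state its working-day count


@dataclass
class Outage:
    staff: int = 0                # people unable to work
    avg_salary: float = 0.0       # average annual salary per person (GBP)
    outage_days: float = 0.0      # recovery window with systems unavailable
    degraded_days: float = 0.0    # days of reduced efficiency after recovery
    efficiency_drop: float = 0.0  # 0.5 = staff working at 50% efficiency
    rollback_days: float = 0.0    # age of the clean restore point (work to redo)
    daily_revenue: float = 0.0    # revenue the affected systems bring in per day
    cost_to_fix: float = 0.0      # specialists, rebuilds and similar one-off costs


def breakdown(o: Outage) -> dict:
    """Split the cost of one outage into the areas the post measures."""
    day = o.staff * o.avg_salary / WORKING_DAYS  # payroll cost of one working day
    parts = {
        "cost_to_fix": o.cost_to_fix,
        "revenue_loss": o.daily_revenue * o.outage_days,
        "idle_staff": day * o.outage_days,
        "reduced_efficiency": day * o.degraded_days * o.efficiency_drop,
        "rework_after_rollback": day * o.rollback_days,
    }
    parts["total"] = sum(parts.values())
    return {name: round(value, 2) for name, value in parts.items()}


def saving(slow: Outage, fast: Outage) -> float:
    """Cost avoided by the faster, more granular recovery."""
    return round(breakdown(slow)["total"] - breakdown(fast)["total"], 2)


# Figures from the post.
WEBSITE = Outage(daily_revenue=12_000, outage_days=3 / 24)  # three hours offline
OFFICE = Outage(staff=50, avg_salary=30_000, outage_days=1,
                degraded_days=2, efficiency_drop=0.5)
FINANCE_SLOW = Outage(staff=5, avg_salary=35_000, outage_days=3,
                      rollback_days=5)  # clean restore point is a working week old
# Constructed comparison: one hour down, 15-minute-old restore point (8-hour day).
FINANCE_FAST = Outage(staff=5, avg_salary=35_000, outage_days=1 / 8,
                      rollback_days=0.25 / 8)

if __name__ == "__main__":
    for name in ("WEBSITE", "OFFICE", "FINANCE_SLOW", "FINANCE_FAST"):
        print(name, breakdown(globals()[name]))
    print("saving from faster recovery:", saving(FINANCE_SLOW, FINANCE_FAST))
```

Separating idle time from rework after rollback shows why the age of the clean restore point matters as much as the recovery window itself.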

Reducing the Cost of Downtime

One of the drivers behind writing this blog post has been to make the following point:

It’s not the ransom that’s so damaging to your business. It’s the downtime.

If your disaster recovery solution can help you to recover from a ransomware attack, but takes a day or more to do so and does not deliver granular recovery points, would your business not have been better off just paying the ransom? What guarantees do you have that, even when paying the ransom, your files will be unlocked? If you want to reduce the cost of downtime, the only real way to achieve this effectively is to reduce the downtime itself.

AssureStor’s dr2cloud platform defends businesses from ransomware by delivering recovery times that are measured in minutes, not hours or days. By reducing the recovery window significantly, in conjunction with delivering granular recovery points, your business no longer needs to weigh up the cost of downtime against the price of paying a ransomware demand. Contact us if you’d like to learn more.