What ransomware attacks cost your clients

Brokers selling cyber insurance may want to pay attention to a recent statistic: the average financial cost of downtime to a Canadian business following a ransomware attack is 7.5 times higher than the average ransom requested per incident.

Canada not only has the highest average cost of ransom, but also the highest cost of downtime globally, according to Datto’s Canadian State of the Channel Ransomware Report, released last week. The average cost of downtime of US$49,500 (CAD$65,724) far exceeds the average ransom request of US$6,600 (CAD$8,764), says the report, using conversion rates from February 2019.

“The report did not unearth any specific reasons why this may be the case, but it is certainly a concerning data point that [managed service providers (MSPs)] should take notice of as it means ransomware is a higher impact threat to small business in their locale,” Ryan Weeks, chief information security officer at Datto, told Canadian Underwriter.

The study, comprised of statistics pulled from a survey of over 250 MSPs across Canada, found the average MSP reported four ransomware attacks with their client base per year. “In the first half of 2018, an alarming 37% of MSPs report clients suffered multiple attacks in a single day (up from 31% from 2017).”

The increasing number of attacks seems to be reflected in recent insurance claims statistics. In late February, specialist insurer CFC Underwriting released its 2018 cyber claims data, which found ransomware was the primary driver for claims in Canada. This type of attack represented 32% of all cyber claims notified in 2018, a 9% increase from 2017.

In the report, Datto asked: Which industries have you seen victimized by ransomware (check all that apply). Among other industries, the results were:

• Construction/manufacturing, 44%
• Professional services, 32%
• Non-profit, 24%
• Finance/insurance, 22%.

Ransomware also remains a massive threat to small-to-mid-sized businesses, which range by industry and size, from dentist offices to coffee shops to hotels and more. From the second quarter of 2016 to the second quarter of 2018, 83% of MSPs reported ransomware attacks against SMB customers. In the first six months of 2018 alone, 55% reported ransomware attacks against clients. Almost all (92%) predict the number of ransomware attacks will continue at current, or worse, rates.

The tactics used to attack small and large businesses with ransomware are similar, Weeks noted. “The main difference is that for an attacker, there is a higher chance of success against a small business due to missing or less mature security defences as well as high susceptibility of small business proprietors and employees to phishing and web-borne threat vectors.”

The aftermath of a ransomware attack can be crippling for a business, Datto noted. When asked about the impacts of a successful attack, 70% of MSPs reported victimized clients experienced a loss of business productivity. “More than half report clients experienced business-threatening downtime.”

In September 2018, the regional municipality of Mekinac in Quebec fell victim to a CryptoLocker ransomware attack. The municipality’s servers were disabled for about two weeks, leaving employees unable to work. The attack not only impacted government employees, but 10 other municipalities with a population of about 13,000 people, the report said.

The hackers demanded eight Bitcoin units into a bank account, roughly equivalent to $65,000. The ransom was negotiated down to $30,000 in November of that year, and the municipality retrieved their lost data after two weeks of downtime.

Datto’s study found that “universally,… a well-thought out backup and disaster recovery planning solution is the best insurance for recovering from ransomware,” Weeks said. “In addition, small and medium-sized businesses need insurance offerings that protect them from cyber risks and help them recover from such threats should they occur despite best efforts to prevent.”