Cybercrime, and in particular ransomware attacks, can wreak financial and operational havoc on your business. And the incidence of these attacks is on the rise.

Ransomware — a form of malware — is the latest and fastest-growing online threat. It has become a lucrative business for hackers and a looming threat for businesses large and small. According to Cybersecurity Ventures, there will be a ransomware attack on businesses every 14 seconds by the end of 2019, up from every 40 seconds in 2016. Similarly, ransomware costs are expected to reach $11.5 billion in 2019.1

What is the threat?

In a ransomware attack, the hacker literally holds an organization hostage by penetrating its network and encrypting/locking down all of its files, rendering them inaccessible until a ransom is paid. Only then will the hacker release the data by providing the organization with a decryption key that unlocks the data.

But that’s not the end of the story. “What people have to realize is that the hacker may have been rummaging through a lot of sensitive data even before they encrypted it. They could have been selling your data for months, and just locked it down on their way out,” says John Farley, Vice President, Cyber Risk, HUB International. “Even after an organization pays the ransom, their problems may be far from over.”

Beyond the costly extortion and temporary business interruption, which can be paralyzing, the aftermath of a ransomware event can be equally as devastating, as it can fuel federal investigations into an organization’s network safety and security, requiring costly legal representation for months or years and leading to lawsuits by affected individuals and more.

Everyone is at Risk

According to Farley, any organization that stores data on a network is at risk of a ransomware attack. Contrary to popular opinion, he warns, hackers aren’t deterred by business size or industry.

“Small to mid-size business can even be an easier target for the hacker because they don’t have the resources to protect themselves. They’re as vulnerable as a big chain retailer. The hackers don’t discriminate,” says Farley. “If it’s easier to get money from the little guys, they’ll go there. A W-2 or T4 form as well as a Social Security or social insurance number from a mom-and-pop holds the same value on the black market as those that come from a large bank. Every organization needs to be aware of the dangers out there and plan accordingly.”