How Much Would Your Company Pay to Get Its Data Back?

(Bloomberg Opinion) -- Fifty-one percent of organizations were hit by a ransomware attack during the last year, according to survey of 5,000 IT managers across 26 countries conducted by Vanson Bourne for Sophos. In 73% of these attacks, the criminals were successful in encrypting the acquired data.

Twenty-six percent of victims whose data were encrypted restored their systems by paying a ransom, although 1% of companies that paid up didn’t get their data back.

Somewhat counterintuitively, paying a ransom actually doubled the total cost of data remediation when compared to restoring systems via backups or other means, because the overheads of data recovery (downtime, people time, device and network costs, lost opportunity) remain similar regardless of the additional cost of the ransom. For those who refused to pay a ransom, the average cost of data remediation totaled $732,520. For those who coughed up, it was $1,448,458.

The silver lining: 94% of organizations whose data were encrypted managed to restore it — and 73% did so without paying a penny to the criminals.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Ben Schott is a Bloomberg Opinion visual columnist. He created the Schott’s Original Miscellany and Schott’s Almanac series, and writes for newspapers and magazines around the world.

©2020 Bloomberg L.P.