Blog Cyber Security Managed Service Provider Microsoft 365 Ransomware

Why Ransomware Risk Won’t Stop Rising for Small Businesses

No featured Image

Ransomware Risk Isn’t Going Anywhere But Up

Does it seem like ransomware risk and associated costs never stop rising for businesses? That’s because they are rising by leaps and bounds every year. By 2031, a ransomware attack will strike a business every two seconds with an estimated annual cost of $265 billion in damage.

A quick examination of the basic facts about the scope of the ransomware problem that businesses face today shows that the danger of a ransomware disaster is only growing worse for businesses as time goes on. 

The number of ransomware attacks that businesses face won’t decrease,  if it continues to move at the same pace as it has in recent years.  In 2020 and 2021, the number of ransomware assaults that organizations endured has more than doubled, increasing by 92.7% year-over-year. Unfortunately, a large number of those assaults are expected to be successful. Analysts at Gartner say that ransomware will have infected 75% of all enterprises by 2025.

 A data breach is never cheap, but if a company has a data breach as a result of a ransomware attack they’re looking at even bigger bills. The IBM Cost of a Data Breach 2022 report offers some insight into the prevalence of ransomware-related data breaches, their growing price tag and the damage they can do to a business. It’s probably not a surprise, but the cost of a data breach has reached a new high, reaching $4.35 million this year. 

A Major Increase in Email & Phishing Volume Sends Ransomware Risk Soaring 

One reason for that difficulty is explosive growth is the most common attack vector for ransomware: phishing. Phishing is a never-ending scourge on businesses, hitting an all-time high in Q1 2022 when researchers recorded more than 1 million attacks in a single quarter for the first time. That’s 1 million potential cyberattacks that could be headed for businesses. The top data breach threat for three consecutive years, phishing is a plague on organizations. 80% of IT professionals saw a substantial increase in phishing attacks including those carrying ransomware in 2021. 

Big, Consistent Paydays Encourage More Attacks 

A successful ransomware attack can net more for bad actors than just data to sell on the dark web. It can also net the bad guys a straight-up extortion payment. About 52% of organizations hit with a ransomware attack choose to negotiate with the extortionists or simply pay the ransom that is demanded, especially organizations involved in time-sensitive operations or critical infrastructure management. Cybercriminals know this and take advantage of it to score a fat payday. The average ransomware payment climbed 82% from $234,000 in 2020 to a record $570,000 in 2021.

Paying the extortionists may get a company out of the jam it’s in immediately, but it just leads to more attacks down the road, sometimes even from the same gang.



Beyond the ransom, one of the biggest disasters that businesses face if they fall victim to a ransomware attack is a shutdown. Most SMBs that are successfully hit by ransomware will be forced to shut down for some length of time. A report in Tech Republic detailed the results of a survey on how long businesses could survive a ransomware-related shutdown.

An estimated 75% of the businesses surveyed said their company would survive only three to seven days following a successful ransomware attack. Digging deeper, 47% of those businesses said that they would survive for only three days, while 28% said that they’d survive for up to seven days. 


The damage that businesses suffer from a ransomware attack isn’t quickly or easily overcome. But businesses can quickly and affordably reduce the chance of making a security mistake like those with security awareness training and phishing simulations. Here at Pacific IT Support we have your back!  Contact us today or book a discovery session!

Leave a Reply

Your email address will not be published. Required fields are marked *