The forest from the trees: the hidden costs of ransomware

Almost seven out of 10 Hong Kong companies experienced cyberattacks in the past year, the city’s privacy watchdog has found after a survey revealed that firms’ cybersecurity readiness still stood at “basic” levels.
The index, which evaluates companies’ policy and risk assessment, technology control, process control, and human awareness building, increased by 5.8 points from last year to 52.8 on a hundred-point scale, placing the city’s enterprises at the “basic” level.
Hong Kong has witnessed a surge in ransomware attacks, with a number of incidents disrupting businesses and organizations across various sectors in recent months. Attackers have deployed a range of sophisticated attack payloads to infiltrate target systems.
Ransomware has dominated the headlines for the past two years. As a result, most are well aware that successful attacks can be - and often are - financially devastating for businesses. Typically, these conversations centre around the monetary cost of ransom, and whether it is a worthwhile expense for businesses to shell out. Ransomware attacks remain a significant and frequent threat to businesses, with 76% of businesses globally falling victim to at least one attack last year, according to the Veeam Data Protection 2024 report. Clearly, more attention should be paid to the less immediately obvious impacts organisations face - like employee burnout, cost to consumers, and more. Businesses need to be aware of what these costs can look like. Veeam’s research also highlighted how large organisations are having to increase costs to customers by an average of 17% following an attack. Nearly a quarter of companies (22%) said they increased prices by 21-30%, while 6% increased prices by 31-40%.
The ransomware economy
These days, most people recognise that ransomware is, unfortunately, a fact of life for modern businesses and organisations of all sizes. However, less attention is paid to the wider impacts of so many businesses facing financial losses as a result of ransomware attacks. Ransomware is not just a business challenge, it’s a significant macroeconomic factor.
Researcher IDC notes that the rise in ransomware payments, fueled by the exploitation of vulnerabilities in critical infrastructure and supply chains, resulted in 59.6% of Asia/Pacific enterprises falling victim to ransomware attacks in 2023. Furthermore, using AI-driven tactics has allowed cybercriminals to launch more precise and persistent attacks, posing additional challenges to the region's cybersecurity resilience.
This puts businesses in an even more difficult position - at a time when consumers increasingly demand that businesses keep their data safe, they’re also demanding that businesses offer accessible prices as the cost of living spirals. Ransomware is making both of these a serious challenge. If businesses want to keep their customers, they need to keep their data safe so they can keep their costs down.
Financing crime
It’s easy to forget that cybercrime is an industry in itself. While many cyberattacks do come from lone amateur hackers, most often the attacks with the widest-ranging impacts come from organised groups. Though it can feel strange to think of them as such, given they are criminals, cyber-attackers are increasingly professionalised, and their strategy is to extort their victims for as much money as possible.
An example of this is the Rhysida group, which in October 2023 claimed the British Library in a high-profile attack from which the organisation has yet to fully recover. At the same time, the group - which has also hit organisations in Europe, the Middle East, and South America - crippled the systems of Toronto Public Library.
Remember, while it’s understandable to be tempted to pay a ransom when you’re among the chaos of an attack, if you do so you are financing crime. Your organisation’s payment will give these groups the resources to attack other businesses, public services, and critical national infrastructure.
Attacking a library of global significance sounds alarm bells, but when critical national infrastructure is attacked then lives are endangered. For example, earlier this year, more than one hundred Romanian healthcare facilities were hit by a ransomware attack. Fortunately, the majority of these hospitals were prepared with recent data backups, meaning that systems could get up and running quicker than otherwise, limiting the impact on patients.
This highlights the importance of nailing your backup and recovery strategy to not only stop ransomware attackers in their tracks but to break the payment chain.
Building resilience
If your business falls victim to a ransomware attack, it will cost you. For the worst attacks, the financial costs are huge and wide-ranging - including cost of downtime, legal costs and reputation management, and the cost of recovering data. Separate to this, you also stand to lose not only customers, but employees too, as the mental health consequences of working for an attacked organisation can push employees to seek other roles.
The best way (in fact, the only way) to protect your business against the range of costs associated with ransomware attacks is to nail your backup and recovery strategy so attackers don’t get a look in. While ransomware is an inevitability for most modern organizations, catastrophe isn’t. The best way to develop a robust backup strategy is by following the enhanced 3-2-1 backup rule, which becomes the 3-2-1-1-0 rule. This requires three copies of data, across two different media types, with one copy offsite, one copy immutable, offline and air-gapped, and all of this data with zero errors. By making sure that you have several error-free backups across different media and locations, you can ensure that even if hackers get their hands on one of your backups, you’ll always have a clean copy to recover from.
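As an added illustration (not part of the original article or any Veeam tooling), the 3-2-1-1-0 rule described above can be evaluated against a backup inventory. The `Copy` fields, rule labels and sample inventories are constructed for this sketch; it assumes the inventory lists every copy counted toward the rule and that a copy never verified cannot claim zero errors.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                    # e.g. "disk", "tape", "object-storage"
    offsite: bool
    immutable: bool
    offline: bool                 # air-gapped: unreachable from production
    verify_errors: Optional[int]  # None means never verified


def check_3_2_1_1_0(copies):
    """Evaluate each element of the rule; returns {rule: passed}."""
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in copies),
        # Immutability and air gap must hold on the SAME copy.
        "1 immutable+offline": any(c.immutable and c.offline for c in copies),
        # An unverified copy (None) does not count as error-free.
        "0 errors": bool(copies) and all(c.verify_errors == 0 for c in copies),
    }


def failures(copies):
    """Names of the rule elements the inventory does not satisfy."""
    return [rule for rule, ok in check_3_2_1_1_0(copies).items() if not ok]


# Constructed sample inventories.
WEAK = [
    Copy("primary", "disk", False, False, False, 0),
    Copy("nas-replica", "disk", False, False, False, None),    # never verified
    Copy("cloud-bucket", "object-storage", True, True, False, 0),  # online
    Copy("onsite-tape", "tape", False, False, True, 0),        # mutable
]
GOOD = [
    Copy("primary", "disk", False, False, False, 0),
    Copy("cloud-bucket", "object-storage", True, True, False, 0),
    Copy("tape-vault", "tape", True, True, True, 0),
]

if __name__ == "__main__":
    print("WEAK fails:", failures(WEAK))
    print("GOOD fails:", failures(GOOD))
```

The weak inventory has four copies on three media types and still fails: its immutable copy is online, its offline copy is mutable, and one replica has never been verified.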
Fundamentally, to keep your costs under control you need to make sure it isn’t worthwhile for hackers to spend their time and resources trying to break in and steal your data - while you can’t remove the possibility of a ransomware attack, you can take its power away.
Edwin Weijdema is Field CTO EMEA for Veeam Software and based in the Netherlands. He serves as a partner and trusted adviser to customers, partners and colleagues worldwide, bridging business and technology. He has over three decades of industry experience as a technology and business leader with a key focus on data management and cybersecurity. He is also a crew member and blogger at www.vmguru.com.