Downtime from Ransomware: How Much Can You Afford?

October 5, 2017
Backup, Data Protection, Disaster Recovery, IT Security

Downtime from Ransomware: How Much Can You Afford?

If ransomware struck your company, how much downtime could it afford? (Try the Downtime Calculator now for a quick estimate.)

How about three to five bitcoins – or approximately $3,780 to $6,300 at today’s exchange rate?  That was the average cost of ransoms paid out by victims of ransomware that were surveyed as part of KnowBe4’s 2017 Endpoint Protection Ransomware Effectiveness Report.

For most mid-sized companies, it’s an amount that is painful but would hardly put them out of business. Even the $30,000 hackers demanded from Erie County Medical Center during a massive cyber-attack in April 2017, wouldn’t cause most companies to shut their doors.

The problem is that when ransomware strikes, it’s not the ransom to have your data decrypted that is so expensive. It’s the downtime. And, it’s not just the loss of productivity associated with downtime that causes costs to escalate quickly. Issues ranging from compliance penalties to damaged company reputation also come into play.

Downtime Costs Add Up

The ransomware attack on Erie County Medical Center ultimately cost that organization millions, including lost revenue during the system downtime. Despite the costs, Erie County Medical Center recovered.  Could your company?  How much downtime could you tolerate? To answer that question, you have to know the cost of downtime for each of your critical applications.

The practical method is to add your labor costs per hour to the revenue you would lose every hour that your labor force could not work.  But is this the entire picture?  Consider these costs:

  • Facilities & Utilities — You’ve included cost of labor, but you’re also still paying to keep the lights on even though nobody can get any productive work done.  And, you’re paying rent and/or maintenance on your physical plant as well as on all the equipment you lease, etc. 
  • Lost Business — How many of your customers might be trying to place an order while your systems are down?  How many might lose patience and place that order elsewhere?  How many might never return?  How much lost business does that represent?
  • Cost of Lost Data — Whatever causes the downtime can also cause data loss, which can cost you customers. If those customers and their data are protected by any governmental regulations, your lapse in compliance may also result in stiff penalties.
  • Cost to Recover — Experiencing downtime means somebody must do something to restore uptime.  How much does that cost?

Bottom line: Downtime is going to be costly. So, the question is not whether to implement a disaster recovery (DR) plan. It’s what is the best DR plan for your organization based on its downtime tolerance.

Remote Data Backup

Perhaps the earliest managed “cloud” service was remote data backup, a service that predates the popular use of the term “cloud.”  You connect your infrastructure to the remote data backup of a provider via a secure internet connection, and the provider automatically backups the data regularly.  Benefits include no media rotation, and the assurance of a Service Level Agreement (SLA) that your data is protected. 

Managed Disaster Recovery

Disasters like hurricanes, earthquakes, and fires can destroy or incapacitate entire buildings, towns, and cities.  This is where the concept of redundancy becomes critical.  You may back up data locally, which will be useful should a server or storage device fail.  You simply replace the failing device and restore the local copy of the data.  But when the outage is caused by a disaster that takes out your building, area or entire city, you’ll want a managed disaster recovery solution in place that ensures your data is replicated far away in a remote data center, perhaps more than one, and available for restoration as soon as you’ve secured a new physical location from which to operate.

Managed Continuity of Business

Beyond replicating your valuable data, you’ll want to replicate your entire infrastructure.  If an outage or disaster occurs, your network “fails over” to the redundant data center and any of your people who are still working just continue to work as if nothing had happened.  Other users can connect to the secondary data center easily from wherever they can securely access the Internet.

Superior cloud service providers will have multiple data centers and massive failover capabilities that go beyond providing redundant servers or redundant storage.  They provide whole redundant data centers, and redundancy of those redundancies.  And, they deliver services to large numbers of customers, so they can afford to spread that expense across their customer base.

More Bandwidth is a Must

Since you’ll be dependent upon the internet, you’ll need a solid strategy that involves multiple carriers whose circuits enter your building from separate places.  Take full advantage of having multiple connections to the internet by bonding them together for better aggregated bandwidth during regular operations, with instant failover should any of your providers have an outage.

US Signal is Here for You

Interested in determining a rough estimate of what downtime would cost your company? Try out the Downtime Calculator.

Then let US Signal help you determine the best possible balance between your business’ downtime tolerance and available budget.   Call 866.2. SIGNAL or email [email protected] to get the conversation started.