Ransomware Costs: Beyond The Cash - Talion

We’re all too aware of the growing financial impact that ransomware attacks have on organisations. After all, it’s easy to talk in terms of dollars and pounds.

But what about the other often overlooked or under-talked about consequences of ransomware?

Ransomware costs more than just pennies; it disrupts the economy, business reputation, mental health and more. Most businesses only realise the full impact ‘post’ attack – by then, it’s too late.

Our #RansomAware campaign is encouraging organisations and individuals to come forward to tell their ransomware stories, particularly regarding cyber-shaming and mental health.

We’ve listed 4 HUGE costs ransomware can have on your organisation – beyond just the cash.


Cost of Time

Not only do ransomware attacks incur cost of remediation, but victims need dedicated time and undivided attention from IT teams to get the network and system back up and running to its previous speed.

Nearly 3 out of 4 companies infected with ransomware suffer two days or more without access to their files – this often means time away from everyday work tasks, due to downtime, and can present lost opportunities as a result of prioritising the attack.

Ransomware attacks do cause obvious money costs, such as paying the ransom, but there is also the cost of every hour of time lost from an employee supporting recovery, rather than going about their usual professional duties. Completely remediating a ransomware attack takes an average of 35,285 hours which, if you put a number to it, would cost approximately $2.24 million at the average IT hourly wage of $63.50. That’s an expensive amount of time!


Cost of Reputation

Ransomware attacks almost always make their way into the public, and this can be detrimental to the reputation of the company.

This is particularly evidential in the execution of triple extortion, where threat actors use a combination of encryption and data theft to pressure victims to pay ransom demands, often publicly releasing stolen sensitive information or notifying the victim’s business partners, shareholders and suppliers.



3 ways ransomware costs a company their reputation:

1) Damages a company’s stock price

In April 2021, Darkside ransomware operators published a blog update with a tactic designed to damage a company’s stock price. It stated: “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”

These messages encourage members of the public to participate in gaining money off the back of ransomware attacks, whilst also disrupting the growth of the company itself.

2) Business transfers to competitors

In 2020, Universal Health Services (UHS) reported a cyber-attack incident that was believed to be caused by the Ryuk ransomware variant. They noted that “Given the disruption to the standard operating procedures at our facilities … certain patient activity, including ambulance traffic and elective/scheduled procedures at our acute care hospitals, were diverted to competitor facilities.”

This is often the case; we work in a fast-paced world, so customers often won’t hesitate to move companies as soon as something goes wrong.

3) Stolen credentials leaked on public forums

In February 2022, Nvidia were hit with a ransomware attack attributed to the hacking group Lapsus$. It was reported that the hackers stole credentials of Nvidia’s 71,000 employees and password hashes of their windows accounts, before then cracking and sharing them on various hacking forums. It’s no surprise that customers then lose their trust in the victimised business.


Cost on Mental Health

An obvious mental health cost is the guilt associated with inadvertently opening a malicious email and unwittingly launching a ransomware payload. This can happen to any user at any level. But there are other mental health factors at play.

The stress of remediating a ransomware attack can take a huge toll on the individuals fighting on the frontline. As a security leader, members of the organisation often look at you solely for direction, expecting something faster than humanly possible to deliver, and it can be overwhelming.

As Jason Lewkowicz, former CISO of Cognizant, said, “It was a mind shift from being a business operator and planner to being a firefighter” – and this is no exaggeration. When he joined the company the day after the announcement of their security breach, he had no choice but to push aside onboarding and take immediate action.

Jason said: “The first three days I probably worked 20 hours a day. It was very taxing. And one of the things which is extremely important when managing incidents is ensuring your team is taking breaks, eating food, and getting rest. And that was a challenge to deal with, because in a cyber crisis there is this expectation of recover, restore, get back online—all the things, so that we can continue delivering business. There’s no, “It’s totally fine. Let your team go and have a nap.” The business pressures and concern of clients is continuously escalating.”

This is an ongoing problem amongst IT security teams where, under the pressure of an attack, there is no time to look after themselves – only the company. As such, not looking after themselves only leads to more detrimental effects for the company later on, in the form of unproductivity, time off and inability to work at their best.


Cost to Economy

The impact of ransomware extends beyond just the company it attacks.

Ransomware can cause 3 main issues to the economy:

  • Loss of business revenue66% of businesses reported a significant loss to revenue following a ransomware attack. This can affect the trajectory of the organisation and their former plan for growth, whilst impacting all customers who rely on the business in their everyday life.
  • Employee Layoffs – 29% reported being forced to lay off employees due to financial pressure following a ransomware attack. Often, security team members may even leave off of their own accord, due to the overwhelming atmosphere. Being low on staff then makes it difficult to keep the organisation running at the same efficiency and success rate within the market, as well as potentially fuelling the unemployment crisis.
  • Business closures 34% of businesses in the UK are forced to close down as a consequence of falling victim to ransomware attacks – an extremely high number. This is proof that sometimes the initial attack isn’t the worst of it; it’s often the increasing pressure to build the business back up in the aftermath that leaves employees scrambling for solutions.

A prime example of a ransomware attack causing huge disruption to the economy is when JBS, the largest beef supplier in the world, was attacked by the REvil ransomware group in May 2021. The company were forced to halt operations, which impacted the food supply chain and left many supermarkets short on meat products, threatening a lack of food supplies and risk of higher food prices for consumers. JBS inevitably had to pay the $11 million ransom in order to protect their customers and keep the economy running.



Ransomware attacks are more than just a money-issue for organisations and the more this is recognised, the better businesses can prepare for the worst, limiting the impact. Cybersecurity risk assessments must take into consideration the impact from a holistic point of view – operations, company performance, brand, customers and share-holder value.

Organisations will also need to consider going a step further to increase the protection of their security posture through investment in a Managed, Detection and Response Service (MDR) that identifies risks and triages alerts as soon as they appear, speeding up the process of remediation before it infiltrates the larger company system.

For more information on MDR, download our MDR brochure.

We hope to see you over on LinkedIn for further discussion on #RansomAware.

Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
24x7x365 UK-based Security Operations Centre
Service underpinned by market leading threat intelligence team
Continually developed threat relevant content, backed by SLAs
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Experts in SIEM and SOAR technology
UK-based Senior Leadership
Looking to maximise value and flexibility?
Learn how Talion and DEVO partner to achieve this.
Discuss your cyber security needs
Contact us below and one of our team will be in touch to answer your questions.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Get In Touch With Us

Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.

CISO Cyber Dinner – Register Your Interest!

Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.