The true cost of cybercrime for your business

As cybercriminals continue to refine their methods, blending traditional strategies with new technologies, the financial toll on individuals and organizations has reached alarming levels. Businesses are also grappling with mounting cybercrime costs from ransomware and DDoS attacks, which can inflict hundreds of thousands of dollars in damage within minutes.

These statistics highlight a growing concern: as cybercrime costs rise and threats become more complex and widespread, they impact organizations of all sizes.

Old methods, new technologies drive fraud losses

Experian | 2024 Identity and Fraud Report | August 2024

• According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14% increase over the previous year and the highest dollar amount ever reported.

Average DDoS attack costs $6,000 per minute

Zayo | DDoS Insights Q1 & Q2, 2024 | August 2024

• An average DDoS attack now lasts 45 minutes—an 18% increase from last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute.

Business and tech consolidation opens doors for cybercriminals

Resilience | Mid-Year Cyber Risk Report | August 2024

• Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.
• Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor—including notable vulnerabilities associated with Ivanti software—and in 2024 that number is already 40%, and expected to grow.
• Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.

Record-breaking $75 million ransom paid to cybercrime group

Zscaler | Zscaler ThreatLabz 2024 Ransomware Report | August 2024

• The findings from the report uncovered a record-breaking ransom payment of $75 million to the Dark Angels ransomware group, which is nearly double the highest publicly known ransomware payout.

Organizations change recruitment strategies to find cyber talent

Fortinet | 2024 Global Cybersecurity Skills Gap Report | July 2024

• More than 50% of respondents indicated that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 48% in the 2023 report and 38% from the previous year.

Most cybersecurity pros took time off due to mental health issues

Hack The Box | Building a firewall against cybersecurity burnout | June 2024

• Cybersecurity and infosecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave – costing US enterprises almost $626 million in lost productivity every year.

Cyber insurance isn’t the answer for ransom payments

Veeam | 2024 Ransomware Trends Report | June 2024

• For the third year in a row, 81% of organizations surveyed paid the ransom to end an attack and recover data.
• Despite only a minority of organizations possessing a policy to pay, 81% opted to do so. Interestingly, 65% paid with insurance and another 21% had insurance but chose to pay without making a claim.
• The ransoms paid averages to be only 32% of the overall financial impact to an organization post-attack.

Cybercriminals shift tactics to pressure more victims into paying ransoms

At-Bay | 2024 InsurSec Report | May 2024

• Likely driven by more businesses successfully restoring from backups in the wake of an attack, the average cost of a direct ransomware attack decreased by 24% in 2023, to $370,000.
• The average ransom demand by attackers exceeded $1.26 million in 2023, though the average amount paid came in at $282,000, 77% lower than the initial demand on average.
• Encryption and exfiltration events saw the highest median ransom paid ($195,000) over encryption-only incidents ($66,000) or exfiltration-only incidents ($110,000).

The IT skills shortage situation is not expected to get any better

IDC | Enterprise Resilience: IT Skilling Strategies, 2024 | May 2024

• IDC predicts that by 2026, more than 90% of organizations worldwide will feel the pain of the IT skills crisis, amounting to some $5.5 trillion in losses caused by product delays, impaired competitiveness, and loss of business.

Ransom recovery costs reach $2.73 million

Sophos | Data for the State of Ransomware 2024 | May 2024

• Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023.
• Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.
• The report also found that 63% of ransom demands were for $1 million or more, with 30% of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.

56% of cyber insurance claims originate in the email inbox

Coalition | 2024 Cyber Claims Report | April 2024

• As ransomware payments hit $1 billion globally, Coalition ransomware severity dropped by 54%.
• Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.
• Ransomware frequency was up 15% YoY, and severity was up 28%, to an average loss of more than $263,000.

73% brace for cybersecurity impact on business in the next year or two

Cisco | 2024 Cisco Cybersecurity Readiness Index | April 2023

• The cost of being unprepared can be substantial, as 54% of respondents said they experienced a cybersecurity incident in the last 12 months, and 52% of those affected said it cost them at least $300,000.

Scammers exploit tax season anxiety with AI tools

McAfee | 2024 Tax Scams Study | March 2024

• Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than $10,000.
• Moreover, 76% lost money after clicking links in cryptocurrency tax-related messages, with 26% losing more than $2,500 and 16% losing more than $10,000.

Active Directory outages can cost organizations $100,000 per day

Cayosoft | Is Active Directory Forest Recovery Taken Serious Enough? | February 2024

• When asked about the labor cost of downtime, 70% of respondents across all company sizes said they risk losing at least $100,000 per day (just over $200 per minute) of downtime.
• However, a calculation of labor cost, based on an average salary of $75,000 per employee and 250 8-hour workdays per year, demonstrates a significant disconnect between the perceived cost of AD downtime and reality.
• An enterprise with 15,000+ employees risks losing $4.5 million in labor costs per day ($9,375 per minute) of AD downtime. A mid-size company with 5,000+ employees risks losing $1.5 million per day ($3,125 per minute). An SMB with up to 1,000 employees risks losing up to $300,000 per day ($625 per minute).

Payment fraud is hitting organizations harder than ever before

Trustpair | Fraud in the Cyber Era: 2024 Fraud Trends and Insights | February 2024

• 36% of companies said the average financial loss of successful fraud attacks they experienced was more than $1 million.25% said the loss was more than $5 million.