The report's key findings include:
- Between 2016 and 2017, ransomware cost European SMBs ?71 million in downtime
- The cost of paying ransoms is still seen as the least bad option to downtime for some, with 21 percent of SMBs handing over cash. However, of those that pay, 18 percent still don’t regain access to data
- The average ransom request was between ?350 and ?1407
- Eleven percent of MSPs reported that a ransomware virus remained on a SMB’s system after the first attack and struck again at a later time
- Despite ransomware attacks’ increasing frequency, reporting figures remain low – fewer than 33 percent are disclosed to authorities. This could be due to SMBs unwillingness to reveal that they’ve fallen victim
- A lack of cybersecurity training (45 percent) and phishing emails (42 percent) are cited as the leading causes of ransomware attacks
- 94 percent of reported attacks happened despite anti-virus software being present
- 54 percent of MSPs reported that SMB clients without a reliable backup and disaster recovery solution (BDR) couldn’t make a full recovery after an attack, 93 percent revealed that those that had one in place were able to.
Mark Banfield, SVP at Datto, provides the following comments on the report:
“The impact of ransomware can be threefold. The combined cost of the ransom, downtime and any reputation damage suffered can have a potentially business-threatening effect on a SMB, so there needs be a greater understanding around it. This can be helped by encouraging victims to report attacks. Providing authorities with real-life data that can be used to improve general awareness, prevention, detection and prosecution of perpetrators.
“It’s also alarming that a lack of cybersecurity training is cited as a reason for ransomware’s growing effectiveness. Many SMBs take their chances by not even providing basic training, but this simply increases the chances of phishing emails and other social engineering attacks being successful. Businesses must teach employees to identify the red flags.
“Defending against ransomware requires a multi-layered cybersecurity strategy. No single defence is enough – as proven by the number of attacks despite antivirus being in place. Cybersecurity training needs to be combined with malware blockers and detectors, with a reliable BDR providing the last line of defence. When SMBs take regular snapshots of networks, they are able to simply spin up systems from a healthy point should a ransomware attack take hold. Critically, this mitigates having to pay the ransom and the downtime suffered from not having access to critical data.”