Ransomware attacks: Does it ever make sense to pay?

The Executive Decision

If the threat of ransomware is keeping you up at night, you are not alone. The rate of attacks is steadily increasing, and the debate over whether to pay looms large, especially for midsize organizations. UncommonX’s recent State of Cybersecurity for Midsize Organizations study found that 60% of senior IT executives from midsize organizations reported suffering a ransomware attack in the past 18 months and 20% reported paying $250,000 or more to fully recover their operations.

Executives facing the daunting question of whether they should pay the ransom have a lot to consider — but they must do it fast. Some companies will pay immediately. In fact, many companies budget ransom money as part of the cost of doing business. While paying may seem like a quick resolution at the time, it’s a decision that shouldn’t be made lightly. There are several factors to consider, and most of them point to not paying.

Consider These Factors

The first question is, can the company afford it? The Ponemon Institute’s Cost of a Data Breach Report 2022 revealed that the overall cost of a ransomware breach has increased to $4.24 million per company. That doesn’t even include the ransom. It is the combined cost of reacting to the attack, stolen data, lost revenue and customers, recovery and other related costs, and it applies even if the ransom is paid. That kind of financial hit can shutter some businesses for good.

For more about protecting your organization, contact the UncommonX team to request a demo of our MDR and Asset and Vulnerability platform and talk about your specific security needs.

About the Author

At the center of our U.S.-based Security Operations Center (SOC) is a distinctly skilled team of security architects, engineers, analysts, and data scientists. Each is an expert in their respective field and dedicated to protecting our customers 24/7.