Question of the day: How Much does a Cyber Attack Cost?

Question of the day: we're a company with around 1,000 employees, and we regularly take backups (internally and in the cloud). We are confident that we can recover quickly from a ransomware attack. Within 1 day, we'll be back in production. The impact will be low, we're confident.

However, we're curious to know what the financial impact of a ransomware attack targeting our organization would be, taking into account the fact that we have functional backups.

Answer
You have functional backups and I assume you test them regularly. Good for you!
Based on our experience in the field, and assuming that your backups are working well, here's a minimum estimate of what a major ransomware attack will cost you (e.g. domain controller encrypted and unavailable):

  • At least 3 days of complete downtime, during which your company will still be paying salaries. The average I see in Quebec, for a company with 1000 employees, is $250K/day, so $750K for 3 days. And I'm assuming that the backups are available on your premises. If they're in the Cloud, add another day.
  • The cost of incident management investigations by an external team like Streamscan.
  • The cost of rebuilding your servers and reinforcing your network security, before returning to production.
  • The cost of protecting your employees' credit files if personal information is stolen/exfiltrated.
  • And keep your fingers crossed that you don't make the headlines!
  • Etc.

As for getting back into production in 1 day, forget it. The day is used to digest the shock, stop the bleeding (contain the incident), manage communication, check your backups or talk to your Cloud provider to find out when backups might be available... and also check that you're not making the headlines.

To sum up, it will be a minimum of $1 million if you have backups that work well.