Indirect costs are the costs of business interruption associated with a ransomware attack. Business interruption costs are often five to ten times higher than direct costs.
Calculating the actual cost of downtime can be challenging as it has different effects on different businesses and organizations. For SMBs, the average cost of downtime in 2019 comes out at $141,000, a more than 200 percent increase over last year’s average downtime cost of $46,800. This is more than 20 times higher than the average ransom request from SMBs, which is $5,900.
In the public sector, 42% of organizations have suffered a ransomware incident in the last 12 months, with 73% of those experiencing two or more days of downtime as a result. For enterprise, the average downtime in Q3 2019 was 12.1 days, according to a Ponemon Institute study, and the overall cost estimated at $740,357. This leads to the additional cost of operational shutdown, which can have a truly staggering impact on the bottom line, as aluminum manufacturer Norsk discovered when it suffered from a ransomware attack that caused cumulative damage of $55 million. Attacks on municipalities can be costly as well. A recent attack on New Orleans is estimated to have cost the city $1 million, and an earlier attack on Baltimore is estimated to total $18 million in damage.