The average cost of a healthcare ransomware attack was $4.82 million in 2021, according to IBM Security’s “Cost of a Data Breach Report.” In a new report by ThreatConnect, the cyber threat intelligence company suggested that there is more to be discovered about the true cost of a ransomware attack.
“[T]hat average attack figure takes into account a large number of incidents that cost relatively little (less than $25k) and a few that cost a lot,” the report stated. “The question is—does the average apply to you?”
ThreatConnect analyzed thousands of companies in the manufacturing, healthcare, and utility industries in order to estimate median losses to operating incomes.
“Operating income, also called income from operations, takes a company’s gross income, which is equivalent to total revenue minus [cost of goods sold], and subtracts all operating expenses,” the report explained.
Specifically, ThreatConnect quantified these losses by breaking its analysis down by small, medium, and large companies, with revenues of $500 million, $1.5 billion, and $15 billion, respectively. The report suggested that organizations consult a number that matches their industry and size rather than simply using industry averages when evaluating financial exposure to cyberattacks.
In the case of healthcare, ThreatConnect found that small organizations (defined by the report as having a revenue of $500 million) face median ransomware losses of $15.2 million, with 30 percent of estimated operating income lost. Medium-sized organizations face median losses of $26.8 million with 15.36 percent of estimated operating income lost. Finally, large organizations face $101.2 million in losses according to the report, with just 4.92 percent of estimated operating income lost.
Continue reading this article on the: Health IT Security blog