Anapaya Blog

The hidden cost of cybercrime from a former CEO

Written by Thomas Seiler | 24 June, 2025

In 2024 alone, thousands of businesses were impacted by cyberattacks. The cost of cybercrime continues to rise sharply, with the annual total projected to exceed $10.5 trillion by 2025. But beyond the financial numbers lies a more troubling truth: the average cost of a cyberattack doesn’t fully capture the damage it can do to a business.

Whether it’s downtime, loss of reputation, or long-term operational setbacks, these are consequences that even the best cyber breach insurance or data breach coverage policies often fail to cover.

Especially when it comes to ransomware, one of the most prolific kinds of cyberattacks nowadays, business leaders are faced with a wide range of consequences – financial, operational and reputational. While the financial cost is easier to measure, the others are harder to track and quantify. This is why we will look at a real example that originated in Europe where we can share a business leader’s firsthand experience. 

We interviewed Thomas Seiler, Chairman of the Board of Directors of Leitwert AG, who has many years of experience as CEO of international technology companies. Of particular note for this story, he spent over two decades at the helm of u-blox, a global technology leader in positioning and wireless communication in automotive, industrial, and consumer markets. While he was their CEO, they suffered a ransomware cyberattack. Thomas has shared his experience with us and what he describes as the hidden costs of ransomware, including the decline of team motivation and an abrupt slowdown of R&D activities.

But before we take a closer look at these “hidden” costs of cybercrime, let’s get a better idea of what the financial costs of a cyberattack are.

Real numbers: What a cyberattack could cost your business

The top-of-mind question is: How much does a cyberattack cost?

The IBM Cost of Data Breach Report 2024 studied 604 organizations impacted by data breaches between March 2023 and February 2024, and here’s what they found.

According to the report, the average cost of a cyberattack that businesses faced was USD 4.88 million. Clearly, the financial impact of cybercrime is staggering – and it is steadily growing.

Compared to 2023, the average cost of a data breach jumped by 10%. The jump was driven by a rise in lost business (including operational downtime and customer churn) and in the cost of post-breach responses; these costs totalled USD 2.8 million. This is the highest combined total for lost business and the cost of security breaches in six years.


Zooming in on the cost of ransomware

The FBI defines ransomware as a type of malicious software, or malware, that prevents victims from accessing their computer files, systems, or networks and demands a ransom for their return. Here’s an overview of the statistics over the last few years.

Sources: 2023 data and 2024 data

If we look at the numbers above, the question is not if your company will be hit, but when. In light of that, it is important for business leaders in decision-making positions, such as CEOs, CTOs, and CISOs, to understand the financial impact of ransomware attacks on company resources.


We have a prime example of ransomware in the Colonial Pipeline cyberattack. Colonial Pipeline, the largest oil pipeline in the US, was hit with a massive, targeted ransomware attack in May 2021. The pipeline – which supplied over 45% of the East Coast’s gas, diesel, and jet fuel – was forced to shut down its operations entirely for 6 days. It took Colonial Pipeline 11 days to only partially recover after it ended up paying $4.5 million in ransom, about half of which the FBI later recovered. By the time the technical side of the cyberattack had run its course, nearly 11,000 gas stations were still out of gas, and the average cost for fuel per gallon rose nationally, resulting in the highest cost in over 6 years.

In summary, whether your organization is large or small, the cost of a cyberattack — especially one involving ransomware — continues to rise and often extends far beyond initial recovery expenses.

A CEO’s testimonial: The hidden costs of a cyberattack

As seen earlier, the cost of a cyberattack reached a record high in 2024 due to intangible factors like lost business and post-breach responses. This harsh reality is clearly illustrated by the experience of Thomas Seiler, whose voice brings these numbers to life.

Thomas speaks from the standpoint of being the former CEO of a company that was on a strong growth trajectory. But like many medium-sized businesses, their IT infrastructure wasn’t scaling at the same pace.

A year and a half before the ransomware attack, Thomas took over responsibility for IT, and his first move was to hire a Head of IT and conduct a complete assessment of the company’s security posture. The findings identified some gaps in a few areas. The team quickly mobilized: they allocated resources to upgrade systems, engaged external cybersecurity experts, and outsourced certain services.

While this work was being completed, the company was hit by a ransomware cyberattack. Fortunately, the newly implemented surveillance system detected the breach and automatically disconnected affected devices. Only Microsoft-based systems were impacted — a minority within the company, thanks to the founder’s early decision to standardize on Linux machines. This decision turned out to be a critical factor in preserving business continuity across most of the company.

Still, the R&D department, which relied heavily on Microsoft PCs, took the biggest hit. This caused significant disruption, especially for innovation efforts that were the core of the company’s long-term growth.

Although the attack caused no loss of customer data or intellectual property, and no ransom was paid, restoring the R&D IT environment was a massive undertaking that took many months. Team morale suffered as they waited to get back to normal. Despite the initial containment of the intrusion, the IT team still had to carry out extensive clean-up work.

Post-incident, the company took aggressive action. Specifically, the company:

  • eliminated its VPN in favor of a more secure connectivity solution,
  • migrated key systems to the cloud to benefit from stronger protection,
  • outsourced maintenance,
  • implemented system segmentation to minimize future attack surfaces.

While direct expenses from the attack were estimated at 200,000 to 300,000 Swiss francs, the indirect costs told a different story. The disruption delayed progress on a CHF 100 million R&D investment, revealing that the true cost of a cyberattack lies not only in what is lost, but in what is delayed. Unfortunately, these operational and business costs are not covered or included in any cyber insurance.

In the end, Thomas reflected upon the positive point that their high level of transparency and swift recovery capabilities contributed to strong external trust. Remarkably, despite the setback, the company delivered one of its best quarters on record — a testament to resilience.

Mitigating cyber risks with SCION and Anapaya GATE

As we’ve seen from the statistics above and from Thomas’s firsthand experience, companies face increasingly costly consequences – both financial and indirect – from ransomware attacks. Businesses must rethink cybersecurity strategies that rely on traditional defenses like firewalls and VPNs to protect critical services that are exposed on the Internet.

In fact, because VPNs operate on the Internet, their IP addresses are easily accessible. This makes VPNs a common route for malicious actors to gain initial access to a target network.

How do hackers discover such IP addresses? By “port scanning” – a method that identifies open ports and services available on a networked computer. Port scanning is easily and efficiently performed by malicious actors, who are constantly scanning the Internet for victims.

The inevitable combination of a growing attack surface and methodical scanning by cybercriminals results in cyber threats like ransomware, malware, and DDoS attacks.

On top of that, VPNs’ visibility to hackers via port scanning exacerbates the zero-day threat. Once a software vulnerability is discovered, it is a simple matter for cybercriminals to identify who deploys that VPN software and attack it.

The cybersecurity risk of VPNs is confirmed by the Cybersecurity Insiders’ 2024 VPN Risk Report, which surveyed 593 IT professionals and cybersecurity experts, and says that 42% of companies see VPNs as potential attack vectors for ransomware attacks, 35% for malware infections, and 30% for DDoS attacks.

While the superpower of today's Internet is its capability to connect everyone with everyone else anywhere and everywhere, the Internet does not allow you to limit the reach of a service. SCION, on the other hand, lets you manage your company’s attack surface, controlling who can see your critical service.

Unlike the traditional Internet, where networks and systems are exposed to the world (including bad actors), SCION allows organizations to decide who can access their systems via Anapaya GATE.

Anapaya GATE, operating on the SCION Internet, introduces a new approach to network security for critical systems. SCION allows business-critical services to be hidden from general Internet access, while selectively granting access to remote users via Anapaya GATE. Instead of focusing on “who to keep out,” Anapaya GATE focuses on “who to let in” – an essential shift in network perspectives that limits exposure and reduces attack risks.

By making services reachable only from selected networks, Anapaya GATE reduces the risk of ransomware and DDoS attacks targeting your critical system. With the GATE, unwanted traffic does not even reach the firewall/VPN server.

With selective access, certain services remain effectively “invisible” to typical attack sources, shielding them from cyber threats such as malware and ransomware and ensuring a safer infrastructure.

Final thoughts ... 

Reflecting on the ransomware incident, Thomas and his leadership team realized that cybersecurity must be recognized as a strategic priority. The experience served as a wake-up call, embedding security awareness deeply across teams and prompting them to accelerate the upgrade of the company’s IT architecture that had already started a year prior.

Thomas offers a word of caution: “Awareness of cyberattacks and their aftermath remains dangerously low in small businesses and startups. As a coach to several young companies, I stress the importance of addressing cybersecurity early — from strong password hygiene to safeguarding intellectual property. Startups are especially vulnerable, often handling third-party IP on shared machines and becoming dependent on service providers, creating risks of vendor lock-in. My advice? Make cybersecurity part of your foundation, do not add it as an afterthought.”

The numbers are clear, especially the ones looking at the future as projected by the global indicator Estimated Cost of Cybercrime: the annual cost of cybercrime worldwide is projected to rise by 6.4 trillion USD between 2024 and 2029, a 69.4% increase. By 2029, it’s expected to reach a new peak of 15.63 trillion USD.

The urgency behind Thomas’ advice is clear. Now, if you are wondering how to go about making sure you have built the best cybersecurity foundation, SCION has the answer because SCION does just that. With Anapaya GATE on the SCION Internet, companies benefit from a stronger, more secure infrastructure where ransomware attacks are prevented, not merely reacted to or mitigated after the fact.
