As a company, what would you be willing to pay to maintain your brand reputation and operations if held to ransom? And would you have a choice? Considering the cost of stalled operations, reputation loss, even the hourly loss of not being able to serve customers or process transactions, the answer for most is “a lot”. This is exactly what threat actors bank on when initiating attacks.

Threat actors know that if they can disrupt or lock down company systems, and then dangle the key for a ransom, companies may see it as the lesser evil. As much as they try to contain the damage and find the source, the reality is that threat actors are always one step ahead and every hour that passes, the cost of the damage to the business goes up.

Data recovery costs, legal fees, slowed operations. It’s something most companies can ill afford. Especially when the price tag is in the millions.

The cost to companies? The global average cost per cyber breach is estimated at $4.88 million. In the USA it’s almost double that at $9.36 million. It’s a strong incentive to increase cybersecurity, but it will it ever be enough to keep ahead of threats?

Even AI enabled cybersecurity systems are being challenged. They may be far more proficient at early detection and scanning for vulnerabilities, but they’re working against themselves. Threat actors are using AI in multiple ways to write malicious code, identify vulnerabilities and scale attacks on a much broader scale. They’re going after all industries, replicating attacks and causing major headaches for companies who are scrambling to mitigate the impact of the attack.

Case in point is the recent string of cyberattacks on several major UK retailers. Co-Op, Harrods, and M&S have all been impacted. While stores have remained open, online transactions have been affected. The risk to the businesses and their customers is not yet fully known.

What has been identified is that there’s a common thread in the method and targeting of the attack, and that it would be beneficial for the security teams of the retailers to collaborate. These companies are well aware of cyber risks and have multiple security measures in place, yet they still fell victim. They’re now looking for other commonalities in their operations, from service providers and systems right down through their supply chain. What will be the total costs if and when the breach is finally resolved? It’s certainly not going to be pocket change.

On one hand it’s an opportunity for cyber security companies to advance their methodologies and systems. Even then, most will admit that it’s not a case of whether a company will be targeted but when.

Trends indicate that ransomware and the costs of cyber breaches are likely to continue increasing. A recent report by Google Cloud’ Mandiant (M-Trends report) backs this up. Ransomware attacks have consistently increased in recent years confirming that more than half of cyberattacks are motivated by money. Seems it’s pays well to be a cyber criminal these days. Companies will find it challenging to maintain a robust security posture when everyone could be a target.