How Backups Can Reduce Ransomware Claim Costs by 41%
New report goes in-depth on reliability of backup solutions and their effectiveness at mitigating costly ransomware attacks
For the longest time, backups were boring. Then ransomware emerged. Now, what was once an afterthought in businesses’ IT inventory has become the last line of defense against the growing threat of cybercrime.
In a newly-released report, Backup Breakdown: How Data Recovery Impacts the Outcome of Cyber Attacks, At-Bay’s Cyber Research Team set out to quantify the importance and success rate of backups. The goal was to look at actual claims data to find out if the accepted wisdom that “backups help” is really true.
Our research found that backups can help reduce the severity of claims — both in terms of the cost of a claim and any downtime the business suffers. They can reduce total ransomware claim costs, mitigate recovery time, and potentially impact cyber insurance premiums. However, complexities involved in setting up and maintaining backups often pose challenges for organizations, which can lead to negative outcomes and increased costs. Many organizations fail to properly configure and operate backup solutions, resulting in failure to restore.
- Despite 92% of businesses reporting having backups, more than 1 in 4 businesses (31%) fail to restore data from them during a ransomware attack.
- Cloud backups have the best recovery rate of all architectures analyzed – with the likelihood of restoration 1.5X greater than the lowest performing configuration (offsite).
- Companies who failed to restore their data were 3X more likely to pay a ransom than those who were able to successfully restore from backups.
- Effective backups decreased the severity of a ransomware claim by 41%.
At-Bay’s data is clear in how small businesses can get the most of this technology, as the report finds that cloud-based backups, when properly configured, better support successful restoration and can cut down on errors that can lead to additional downtime. While certainly better than having no backups at all, offsite backups led to poorer outcomes across the board. Claim costs are higher, more ransoms are paid, and losses are greater among organizations that depend on offsite backups. Given those statistics, we do not recommend making offsite backups part of an organization’s restoration plan.
Additionally, many small businesses are not paying enough attention to the associated factors that impact the ability to successfully restore their organization’s IT stack from backups. Organizations should understand how other factors — such as network bandwidth, data integrity, and system inventory — can impede restorations if not properly managed. Struggling with these factors will have an impact on how quickly an organization can resume normal operations in the wake of an attack.
It’s important to remember that backups are just one part of a holistic cybersecurity plan that includes strong security measures, regular patching/updating of systems, regular employee training, and a robust business continuity plan. Businesses of any size should partner with an InsurSec provider like At-Bay to ensure a strong backup strategy is in place.