What is this gonna cost?

That is often the first question we ask in business. Followed by: What are you trying to sell me? What am I going to get for the price?

The questions that need to be asked, though (and they are still cost-related), are:

  • How much will it cost my business if I am down for x hours? Days? Weeks?
  • What price will I need to pay to get back my data/money/time?
  • How much can I ‘lose’ before I have to close the doors?
  • Am I financially at risk if actions that hit MY company then hit my clients?

Those of us in the IT/MSP field know all too well what those costs can be. We get news on it daily. We see the trends, the numbers, and the impacts that everyday small businesses experience. And let us be brutally honest – it’s not pretty. It’s pretty crushing to see, really.

Protection against ransomware costs money. Of course it does. But so much happens behind the scenes that the value may get lost.

There are many sophisticated tools that are constantly scanning, updating, adapting, and alerting to ensure that end-users are as secure as possible. It also takes technicians analyzing those alerts, proactively addressing potential threats, and mitigating them on the backend – that costs money too. The magic behind the curtain is really the battle against the next big threat, the next hack, the next ransomware attack.

So back to the original question a business will ask – ‘what is that gonna cost me?’ 

Here are some of the ‘costs’.


    • The average ransomware demand paid by organizations has increased to $112,000. (source) 68% of companies end up paying. (source)
    • The average downtime after a ransomware attack is 16 days. (source) The cost of downtime is almost 50 times greater than the ransom demand. (source)
    • The average cost of forensics and recovery is $73,851. Ransomware forensics and recovery can take a major financial toll, especially for companies that did not have an incident response, disaster recovery and business continuity plan in place. (source)
    • The cost of data loss can be immense. Up to 90% of victims that pay ransom do not get their data back. (source)
    • Legal fees can be steep for companies that fail to prevent data breaches, and those companies can face large penalties from authorities. In addition, per a new upcoming federal law, simply giving in to a ransomware demand may lead to fines for both the victim and the insurer.
    • There can be a cost to a business’s reputation. It could take years for a business to rebuild trust with investors and clients if a breach directly affects them.


Beyond direct costs, like ransom payouts and IT costs of rebuilding servers, there are significant indirect or soft costs. These include business disruption, lost revenue, lost employee productivity, and brand erosion. The confidence of customers, partners, and investors is diminished if user data is compromised. To rub salt in the wound, litigation settlements and regulatory fines could follow. A business can experience product delays if the breach hits their supply chain. This can impact large enterprises if their vendors are attacked.


As an IT provider – we may sound like a broken record about security – but it is because it matters. It costs clients money, time, reputation and so much more. Security is the number one thing that keeps MSPs up at night. Our main focus and job is to ensure our clients can do what they need to do, when they need to do it, to be successful. Making sure their network is secure is one of our most important jobs. The bad guys WILL try their best to circumvent our security measures – but we will work just as hard to make sure they don’t.

So the next time your IT provider wants to discuss security measures with you – ask them:

‘What is this gonna cost me if I DON’T?’

–  Jennifer Gilligan 8.25.21

