{"id":17356,"date":"2025-08-05T09:48:50","date_gmt":"2025-08-05T13:48:50","guid":{"rendered":"https:\/\/gtm.com\/business\/?p=17356"},"modified":"2025-08-05T09:48:50","modified_gmt":"2025-08-05T13:48:50","slug":"reduce-risk-ransomware","status":"publish","type":"post","link":"https:\/\/gtm.com\/business\/reduce-risk-ransomware\/","title":{"rendered":"How to Reduce the Risk of a Ransomware Attack"},"content":{"rendered":"

\"reduce<\/em><\/p>\n

Ransomware is a type of malicious software (malware) that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.\u00a0It encrypts files or locks computer systems, demanding payment, often in cryptocurrency, for decryption or access. Our cybersecurity partner, Orbitalfire<\/a>, says that while ransomware payouts have been on the decline, businesses shouldn\u2019t mistake lower payouts for lower risk, and they provide some proactive tips to reduce the risk of an attack.<\/span><\/span><\/em><\/p>\n

Ransomware Payouts Are Down, But Don\u2019t Celebrate Just Yet<\/h2>\n

If you\u2019ve skimmed recent headlines, you might have seen something surprising: ransomware payouts are on the decline. According to\u00a0Aon\u2019s 2024 Cyber Resilience Report<\/a>, the average ransom paid by companies fell to just 28% of the initial demand in 2023, down from 43% in 2022. On the surface, that sounds like good news. Less money to the bad guys? We\u2019ll take it.<\/p>\n

But here\u2019s the catch: ransomware attacks themselves haven\u2019t slowed down. They\u2019re evolving. And for small businesses, the risks remain high, even if the ransom number doesn\u2019t.<\/p>\n

The Cost Is Still Coming from Somewhere<\/h3>\n

Lower payouts don\u2019t mean fewer claims. In fact, cyber claims are\u00a0up<\/em>, especially among small and midsized businesses. Aon\u2019s report shows a significant uptick in cyber insurance claims from this group, driven by business email compromise, data theft, and of course, ransomware.<\/p>\n

Why the disconnect? In many cases, organizations are refusing to pay ransoms or negotiating them down, often due to better preparedness, stronger backups, or legal\/regulatory pressure. But that doesn\u2019t eliminate the cost. Downtime, data recovery, incident response, and customer notification costs can easily stack up, regardless of whether a ransom is paid.<\/p>\n

\"Ransomware<\/p>\n

The Ransom Isn\u2019t the Only Threat<\/h3>\n

Cybercriminals are getting creative. More are using \u201cdouble extortion\u201d: stealing data and threatening to leak it if the ransom isn\u2019t paid. Others are exploiting vulnerabilities faster and more quietly, often sitting in networks for weeks before triggering an attack. Small businesses without the tools or visibility to detect this kind of activity are at higher risk, regardless of how low the final ransom demand is.<\/p>\n

So What Should Small Businesses Do?<\/h3>\n

Here\u2019s the real takeaway: lower average ransomware payouts are a sign that resilience is possible, but only with the right preparation.<\/p>\n

At OrbitalFire, we\u2019ve seen firsthand how smaller businesses can punch above their weight by focusing on practical, proactive cybersecurity. Here are some of the things making the biggest difference:<\/p>\n