The cost of a ransomware attack goes way beyond the ransom — and most organizations don't find out until they're already in the hole for millions.
W. Curtis Preston (Mr. Backup) and co-host Prasanna Malaiyandi sit down with Dr. Mike Saylor of Black Swan Cybersecurity to walk through every category of cost that hits when ransomware strikes your organization. This isn't theoretical — we're talking real cases, real numbers, and real consequences that most people never see coming.
The case that sets the stage: UVM Health Network, October 2020. An employee took their work laptop on vacation, opened a phishing email, brought it back into the environment, and lit the fuse. Over 1,300 servers encrypted. Staff forced onto paper records. Patient care delayed for weeks. Total cost? Over $63 million — and they never paid the ransom.
That's the point of this whole episode. The ransom is just the starting line. The real cost of a ransomware attack is everything that comes after it.
We go category by category through every line item that shows up on the bill: overtime pay and third-party incident response firms (Dr. Mike Saylor's firm, Black Swan Cybersecurity, is exactly the kind of outfit you want on speed dial before this happens to you), emergency hardware purchases, lost business revenue — both during the outage and from customers who never come back, regulatory fines (GDPR can run up to 4% of your annual revenue, and California isn't playing around either), reputational damage that sticks to your brand for years, staff burnout and the resignations that follow, supply chain disruptions and credit rating hits, payment processor shutdowns (we talk through a real case involving a dental practice that ended up running carbon copy credit card swipes), and cyber insurance fine print that can leave you completely exposed when you thought you were covered.
We also heard a wild real-world story from Mike: an insurance company hired his firm to determine whether an attack was domestic or international — because the policy only covered domestic attacks. The claim was denied. Read your policy.
The back half of the episode covers what you can actually do about all of this before it happens to you. The big one is a Business Impact Analysis. Mike makes the case that most small-to-medium businesses can get it done in one to three weeks. A city government with 14 departments? Two weeks. The whole point is to know what each system is worth per hour of downtime, so that when the feces hits the rotary oscillator, you know exactly where to focus and you've already made the case to leadership for the budget you need.
Don't wait until the house is on fire to figure out who you're going to call. That's the whole message of this episode.
🎙️ W. Curtis Preston — Mr. Backup | 30 years in backup, recovery & cyber recovery | Co-author, Learning Ransomware Response & Recovery (O'Reilly)
📚 Get the book: https://www.oreilly.com/library/view/learning-ransomware-response/9781098169572/
🛡️ Check out what Curtis and Dr. Mike are building: https://www.stopransomware.com
Chapters:
00:01:44 - Intro & Welcome
00:03:45 - Case Study: UVM Health Network ($63M, 1,300 Servers Down)
00:07:12 - People Costs: Overtime, Staffing & Third-Party IR Firms
00:10:01 - The Odds Are Damn Near 100% — Set Up Your IR Relationship Now
00:13:00 - Hardware Costs & Emergency Spending
00:14:05 - Lost Business Revenue (Current and Future)
00:15:14 - The Stat That Should Scare You: Over 50% Don't Survive
00:16:38 - Regulatory Fines (GDPR, California & More)
00:19:32 - Reputational Damage: Your Customers Never Forget
00:21:28 - Staff Burnout, Exhaustion & Resignations
00:22:40 - Supply Chain Disruption & Credit Rating Impact
00:24:07 - Payment Processor Shutdown (Real Case: Dental Practice)
00:26:00 - Cyber Insurance: Fine Print, Claim Denials & Premium Spikes
00:27:52 - Post-Attack Process Remediation Costs
00:29:36 - Business Impact Analysis: Why You Need One Before It Happens
00:35:00 - Action Items
00:39:41 - Recovery Prioritization & Recovery Point Objectives
00:44:43 - Wrap