

Content Contributor, E-N Computers
More than a decade of experience in technical support including end user support, mobile device management, application deployment, and documentation.
When John arrived at his office in Virginia on Wednesday morning, he was met with an alarming sight. His wrecking company, which generates roughly $1M in annual revenue with fewer than 10 employees, was in trouble. The files on his main computer, including inventory and sales data, had been locked by ransomware. With this computer out of commission, his 35-year-old business was dead in the water.
The immediate impact was severe:
- Workflows were significantly slowed or completely halted.
- No inventory management, creating a backlog of work and reliance on manual recordkeeping.
- Poor sales and customer service, because staff could not look up parts, create quotes, process work orders, or maintain customer information.
A ransomware attack isn’t just an IT problem — it is a business survival crisis.
QUICK ANSWER:
What is the true cost of ransomware to a small business?
A ransomware attack can be devastating to a small business. Paying the ransom doesn’t undo the damage, may not get you your files back, and is not recommended by authorities. You’ll incur other costs, like IT labor, new equipment, lost revenue and productivity from downtime, data recovery, and security improvements. These incidents can also cause reputational damage and loss of customers. It’s estimated that the average cost of a ransomware attack to small businesses starts at $120,000.
In contrast, proactive IT strengthens the health and resiliency of your business and prevents devastating cyber attacks. The question isn’t whether you can afford proactive IT, but whether you will survive without it.
Why ransomware devastates small businesses
Criminals know that small businesses are easy targets because they often view IT security as an unnecessary expense instead of a business protection investment. They also know that you are less likely to have tested and readily available backups.
John’s company was vulnerable to attack because of risky business decisions:
- The industry software his business relies on used a weak default password on a powerful local administrator account (this is like leaving your office unlocked).
- Multiple remote access programs were installed for convenience.
- User accounts were not secured with multifactor authentication, allowing anyone with a password to access everything.
- Local backups were on an external hard drive connected to the main computer — when the computer was attacked, the backups became unusable, too.
While all these decisions made things easier or cheaper for John in the moment, they created a perfect storm that left his business reeling.
Quick response is key
As soon as John realized that his main computer — which acted as a server for his inventory and sales software — had been encrypted by ransomware, he quickly powered off the computer and removed it from the network to prevent any potential spread of malware. He looked up nearby IT companies and called us for help.
When our technician arrived, he began an investigation. During the first half of the day, he was able to determine the type of ransomware and how the attackers probably gained access. The rest of the day was spent setting up a new computer so that John could resume operations. This included installing inventory management software and securing the associated local admin account.
The hidden costs of a $5,000 ransom
Using a contact method listed in the ransom note, our technician found out that the attackers were asking for a $5,000 ransom. Whether John paid the ransom or not, there were more costs involved.
Risks of paying a ransom
Security experts strongly advise against paying a ransom. Paying a ransom does not guarantee you will get your files back. Here are three reasons it’s not a good solution.
- Attackers will sometimes take the money without giving you the keys to unlock your files.
- The recovery process is not guaranteed, and you may not get all your files back.
- Paying encourages criminal behavior, doesn’t remove ransomware, and might lead to you being attacked again for another payout.
Immediate response costs
John’s immediate costs included IT labor, a new computer, lost productivity and downtime. We can estimate these as:
- $1,800 for one day of IT labor (8 hours * $225/hour)
- $700 for a new computer set up the same day
- $5,000 per day of lost revenue due to downtime
Recovery and restoration costs
Professional data recovery, time and labor to catch up on a backlog of work, and improving security are common costs following an attack.
We estimate that John would have spent $5,000–$10,000 on professional data recovery alone. He was very fortunate to have a friend with advanced skills who was willing to help by working 12+ hours to decrypt a copy of his data.
Even with the overnight efforts of his friend, John’s business was partially disrupted for several days. That means lost business in the short term, and it can even mean some customers never return.
Survival statistics that should worry every business owner
Most businesses end up far worse off than John.
- According to PurpleSec, “small businesses impacted by a data breach can expect to pay $120,000 to $1.24M” on average.
- According to Verizon’s 2025 Data Breach Incident Report SMB Snapshot (PDF), SMBs experience ransomware data breaches at more than double the rate of large enterprises (88% versus 39% of breaches).
- A commonly accepted but unsubstantiated statistic is that 60% of businesses close within six months of a cyber attack. However, VikingCloud’s 2025 report found that 1 in 5 SMBs self-reported being unable to survive an attack that cost them as little as $10,000.
- According to DeepStrike, 53% of organizations take about one week to recover operationally. But fully restoring and hardening systems against future attacks can take 6–12 months.
- Various studies suggest that reputational damage can cause a business to lose between one-third and two-thirds of its customers, and the VikingCloud report referenced above found that 36% of SMBs lose customers after a data breach. Reputational damage also makes it harder to get new customers.
For an organization making $1M in annual revenue, a one-week shutdown represents $25,000 in lost revenue alone. Add in lost productivity and recovery costs and you’re looking at some serious financial damage from a single attack. Use our interactive Downtime Cost Calculator to see for yourself.
The lie of saving money on IT
John’s situation highlights a dangerous mindset that we see among business owners — viewing IT as an optional expense instead of an essential business investment. The result is short-sighted decisions that introduce long-term risk. For example:
- Choosing software based on price alone without considering security
- Using consumer-grade software for business-critical functions
- Refusing to pay for security features like multifactor authentication
- Delaying software updates and other security improvements
Our fully managed IT services, plus Microsoft licensing that includes security features we consider essential, would cost John about $1,500 per month (or $18,000 annually). Compare that to:
- $10,000 for professional data recovery PLUS
- $10,000 for two days of lost revenue PLUS
- Lack of IT support, administration, documentation, and strategic planning PLUS
- Systems and data that are still at risk for another breach PLUS
- Stress, reputational damage, and putting customer relationships at risk
Prevention is the only winning strategy
John was lucky. He had a technically skilled friend willing to work through the night. He had cloud backups for his critical inventory data. His attack was contained to one computer. Most businesses aren’t this fortunate.
Reality check
- Can you survive 1–2 weeks without revenue?
- Do you have $120,000 available for emergency IT recovery?
- Can you afford to lose one-third of your customers?
- Do you have the expertise to manage a cybersecurity crisis?
What you can do
You can take steps to protect yourself starting today. Network monitoring, regular software updates, user training, and account security all work together to keep your business safe. In John’s case, we recommended measures like:
- Enabling multifactor authentication on accounts
- Installing only necessary and trusted software
- Updating network firmware
- Configuring the VPN feature of his existing network equipment instead of using a third-party software VPN
- Using OneDrive as a basic cloud backup utility that offers version history
- Setting up Microsoft Defender controlled folder access, which protects against ransomware
- Installing monitoring tools
- Developing an incident response plan
What will you do?
Every day you delay investing in proper IT security, you’re gambling with the survival of your business. Cybercriminals count on small business owners to continue treating security as optional while they profit from your vulnerabilities.
John’s story could have ended very differently. All his computers could have been infected. He could have had to pay for professional data recovery, without a guarantee of success. His employees could have lost their jobs. His revenue could have plummeted and his 35-year-old business could have failed.
The question isn’t whether you can afford to invest in IT security. The question is whether your business can survive without it.
Next Steps
When you have the right people working together, you can implement systems and processes that actively help you reach your business goals. We sometimes call this IT maturity. But for many organizations, something is off when it comes to their partnerships, strategy, systems, and settings. How can you know what’s working well and where you have room for improvement? Start by taking our free IT Maturity Self-Assessment. You’ll walk away with some pointers and, if you want, a free appointment to discuss your results.
