Businesses Take Bigger Hit in Productivity After Ransomware Attack Than Ransom Payment Itself

STAMFORD, Conn.–()–The full impact of a ransomware attack extends well beyond the ransom payment, according to GetApp’s 2022 Ransomware Impacts Survey of 300 ransomware victims. Only 11% of respondents say the ransomware payment was the most consequential impact of the ransomware attack. As ransomware attacks grow more severe, businesses must be prepared for attacks that reduce productivity, lead to lost revenue, and alter relationships with their clients or customers.

Over the past several years, ransomware attacks have been growing not only in number but also severity. In the survey, 60% of ransomware victims suffered a multifaceted extortion attack. In a multifaceted attack, the victim’s files are encrypted and a separate attack is launched to pressure victims to pay the ransom. As a result, ransomware attacks are much more successful with 58% of multifaceted extortion victims reporting that they pay the ransom compared to only 31% of standard ransomware attack victims.

For many victims, the complex nature of multifaceted attacks can bring normal business functions to a standstill. Respondents reported that the effects on productivity was a key pressure point that influenced them to pay the ransom. Among companies that paid the ransom, 70% reported that the attack made a major impact on productivity. Over one third (37%) of victims selected productivity losses as the single most consequential impact of a ransomware attack, more than any other effect surveyed.

Although productivity losses play a significant role in lost revenue, businesses also reported long term impacts on business performance. Over 60% of ransomware victims report losing a client due to a ransomware attack—38% lost multiple clients. Companies that aren’t able to effectively manage a ransomware attack face reputational harm that may damage their relationships with clients.

“The moment you find out you’re under attack from ransomware, chances are you’re already in for a significant financial burden, whether or not you decide to pay the ransom, ” says Zach Capers, senior security analyst at GetApp. “In fact, our research finds that one in three companies that don’t pay a ransom still face total recovery costs of more than $50,000.”

As the number of security incidents continues to rise, businesses need to prepare for new multifaceted attacks. It is critical for businesses to have a cybersecurity response plan so they can effectively handle the impacts of an attack. Visit to read the full report and find guides on creating a cybersecurity response plan.

About GetApp

GetApp is the recommendation engine small businesses need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. For more information, visit



Madison Martini