The Real Cost of Ransomware: How SMEs Can Safeguard Against Cyberattack Fallout

Ransomware remains the most prevalent malware threat for small and medium‑sized enterprises (SMEs). In the first half of last year, 61 % of managed service providers (MSPs) reported that their clients were hit—often multiple times in a single day.

Ryan Weeks, Chief Information Security Officer at Datto, notes that a recent survey of more than 150 European MSPs found that two in five SMEs have fallen victim to ransomware.

Ransomware report

Datto’s annual European State of the Channel Ransomware report tracks the threat from the perspective of the IT channel and its SME clients. The average ransom demanded has risen year over year, now hovering around £2,000 (€2,274).

The real nightmare begins after the attack. Ransomware inflicts significant downtime, which has climbed 300 % in Europe and 200 % globally.

Small organisations feel the brunt of the damage. On average, a ransomware incident costs European businesses £108,000 (€123,000)—a staggering 54 times the ransom amount.

Lost productivity

More than half of the MSPs surveyed say their clients lost business productivity after a ransomware attack. Additionally, 33 % reported data or device loss and a dip in client profitability. One in five businesses said the attack harmed their reputation, with lasting repercussions.

In a third of incidents, the malware spread to other network devices—and in some cases, remained on the network, striking again.

It is no surprise that over half of MSPs believe a ransomware attack could drive a company to bankruptcy.

Reliance on workable back‑ups

Recovery is possible, but paying the ransom is not recommended. Fast restoration depends on reliable, usable system backups. Because pinpointing the threat source or its persistence is difficult, MSPs employ multiple recovery methods.

Typical approaches include server re‑imaging, virtualising from a backup image, and running cleanup software. Every organisation, regardless of size, should have a robust remediation plan.

Here are nine steps every business should take to minimise its risk of being critically impacted by ransomware.

1. First, understand the threat and treat it with gravity: Datto’s survey shows an alarming disconnect—82 % of MSPs are ‘very concerned’ about ransomware, yet only 8 % of their SME clients share that concern, despite the business‑threatening downtime implications.
2. Guard against phishing emails: Phishing remains the leading cause of successful attacks (65 %), followed by insufficient security training and weak passwords or poor access management. Poor user practices can be the weakest link, so train all employees on how to handle suspicious emails or websites. Training must be regular and mandatory.
3. Implement two‑factor authentication: Strong identity and access management reduces the risk of intruders.
4. Prioritise patch management: Fixing known security vulnerabilities should be top priority—install patches as soon as they’re released.
5. Don’t rely solely on traditional defenses: Clients often fall victim to ransomware even with antivirus, email filters, and endpoint detection in place. These tools are essential but not sufficient.
6. Agree on a comprehensive BCDR strategy: To minimise downtime, focus on keeping operations running during and after an attack. A reliable business continuity and disaster recovery (BCDR) solution that creates regular system backups is the most effective weapon against ransomware. Two in three MSPs reported that victims with a BCDR solution recovered within 24 hours or less.
7. Protect your cloud assets: One in five MSPs reported ransomware attacks in SaaS applications such as Office 365 and Dropbox. Because ransomware can spread across networks and applications, endpoint and SaaS backup solutions for rapid restores are critical.
8. Outsource IT security when needed: Strategy Analytics found that SMEs that don’t outsource are at greater risk. If you cannot afford full‑time, qualified IT staff for 24/7 monitoring, partner with an MSP that can anticipate and react to the latest threats.
9. Choose your MSP carefully: MSPs themselves can become ransomware targets. Verify that your MSP has a solid disaster recovery plan for all eventualities, carries cyber‑liability insurance, and can call upon external expertise if a large‑scale attack affects both them and their clients.

Nine in ten MSPs predict the ransomware threat will only grow, with IoT devices and social‑media accounts among the next targets. Act now and be prepared.

The author is Ryan Weeks, chief information & strategy officer at Datto.