Don't Let Ransomware Hold Your Business Hostage

A cyberattack can start as easily as an employee opening an email attachment. This seemingly innocent click can activate a virus designed to infect their computer, lock their files and demand they pay a ransom to regain access.

 

This type of cyberattack, known as ransomware, is one of the most important cyber risks businesses need to understand, especially since ransomware attacks surged 25% in 2025 according to some estimates.¹

 

With the addition of AI, ransomware and other types of cyberattacks have increased and become more sophisticated. AI-generated voice, video and language can better personalize malware and make it more successful. It’s vital to educate employees to help protect your business from a potentially ruinous threat.

 

“A solid cybersecurity strategy with the ability to pivot to changing threats is essential for any business,” says Tony Dolce, global head of professional liability and cyber at The Hartford. “We’re seeing corporate leaders continue to note their concern for how the use of AI may enhance ransomware capabilities and increase risk.”

 

Ransomware is a type of malware. Short for malicious software, malware is programming that infiltrates systems with the intent to spy on users and steal or corrupt data. Ransomware goes a step further to lock business files and demand a ransom for the keycode to unlock them.

 

It is critical to know that when your business pays the ransom, it doesn’t mean attackers will actually send the key they promised. In fact, some attackers demand even more money from businesses that pay the original ransom. Factors your business should consider before paying the ransom include:

 

• If it’s possible to recover files from a backup instead
• How valuable the locked data is
• If your business can unlock its files with the help of an incident response firm

It’s easy to think the ransom amount is the only impact on a business if it’s attacked with ransomware. But the costs to recover from a ransomware attack add up. For example, the SafePay hacker group attacked Ingram Micro in July 2025. The IT distributor suffered an estimated $136 million loss in daily revenues from systems shutdowns and operational interruptions.²

 

Although the Ingram Micro incident is an extraordinary case, even the simplest ransomware can be harmful to a business.

 

“It’s not only about the impact on your bottom line or the inconvenience of managing a cyber issue,” says Dolce. “Ransomware and other types of malware attacks can affect your reputation as a safe and secure business.”

 

How long a business shuts down after a ransomware attack varies, but a research study found the average length of interruption to be 24 days in the United States.³ If you can’t run your business because of ransomware, it means you’re losing out on sales and revenue. Whether you’re a large or small business, any amount of downtime can put you at risk of permanently closing your company’s doors.

 

Although it’s important to make sure your business uses anti-malware software and runs updates regularly, ransomware protection starts with your organization’s employees. Human error was cited as a factor 60% of the time in business data breaches.⁴ The good news is there are steps you can take right now to improve your business’ security and train your staff on how to identify and prevent an attack.

 

You can take a proactive approach by educating employees about what ransomware is, how it works and the common ways it infects computers. It is important not to just conduct the training once a year, but to establish drills throughout in order to help employees identify and prevent a phishing attack. This can even include sending fake phishing emails to your own employees to get them used to not opening suspicious attachments.

 

The principle of least privilege only gives each employee enough access to do their job. That means if they don’t need access to sensitive information or restricted parts of the network, they won’t be able to get to it, which reduces the risk of ransomware spreading throughout the network. Overall, if they fall for a ransomware attack, your business won’t lose valuable files.

 

If you’re not following this principle, don’t panic. Take the time to review and update your employees’ privileges and access levels. Your business should only have a small number of employees with access to confidential or valuable files.

 

Multi-factor authentication adds another layer of security to help protect your business. This is sometimes called two-factor authentication, and it requires another device to access an account. For example, your employee might have to enter a one-time code sent to their phone after they enter their password. So, even if a hacker steals someone’s password, they won’t be able to log in without that other device. This will reduce the risk of cyber criminals gaining access to your network and applications in order to deploy ransomware.

 

Backing up your business’ files means you can access them again if your computer gets infected with ransomware. Instead of paying the ransom, your business can restore your computer to an earlier date or completely restore it altogether. This may mean you’ll lose your files, but because you backed them up, you have another copy.

 

It’s a good idea to keep your business’ data outside the network, because sophisticated ransomware can sometimes lock down an entire network.

 

Protecting your business from ransomware and other cyberattacks requires a multi-faceted approach. It’s important to have the proper protection and systems in place to help identify and stop cyberattacks, as well as train your employees to recognize and prevent future attacks.

 

Learn more about The Hartford’s cyber offerings.

 

 

¹ Threatdown, “2025 State of Ransomware,” viewed March 2026.

 

² Cyber Security News, “Ransomware Attack 2025 Recap - From Critical Data Extortion to Operational Disruption,” viewed March 2026.

 

³ Statista, “U.S. Average Length of Downtime After a Ransomware Attack 2022,” viewed March 2026.

 

⁴ Verizon, “2025 Data Breach Investigations Report Executive Summary,” viewed March 2026.

 

The information provided in these materials is intended to be general and advisory in nature. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of May 2026.