In 2020 and 2021, there has been a surge in ransomware attacks across the world in different working sectors. A complex mix of geopolitical and cybersecurity issues is driving this trend. Ransomware attacks have become exceedingly simple to carry out, and payment options have become even more enticing to cyber criminals. Meanwhile, as organizations become more reliant on digital infrastructure and more willing to pay ransoms, the motivation to break in is increasing.
From 2021 to 2028, the global cybersecurity market is predicted to grow at a CAGR of 10.9 percent, from USD 167.13 billion in 2020. The growing presence of cyber-attacks is responsible for the market’s rise. Over the last few years, the number and severity of cyber frauds and offenses have escalated, resulting in massive losses for corporations. In June 2021, the number of businesses affected by ransomware had increased to 1210.
According to Check Point Research (CPR), since the beginning of 2021, there has been a 41% increase in attacks, with a 93 percent increase year over year. Ransomware attacks grew to 1115 companies in May, and it reached 1210 businesses afflicted by ransomware per week in the first half of June. This represents a 20 percent spike in less than two months, a 41 percent spike since the starting of the year, and a 93 percent increase since June 2020.
Ransomware attackers have shown no declining trend in recent months, either in terms of volume or magnitude of attacks. Assuming CPR extracted the data concerning 1000 organizations, Africa has seen a 38 percent spike in attacks in the last two months, followed by Europe, which has seen a concerning 27 percent increase in cyber-crime.
Meanwhile, the Middle East reported a 21 percent increase. Latin America has seen the most significant surge in ransomware attack attempts since the beginning of 2021, with a 62 percent rise. Attacks increased by 59 percent in Europe and Africa witnessed a 34 percent sharp rise, followed by a 32 percent increase in ransomware incidents in North America.
As per Palo Alto Networks, ransomware crime has grown into a multi-billion-dollar business, with the average payment exceeding $310,000 last year, up by 171 percent from 2019. The U.S. government has pushed businesses to notify the FBI as soon as they are attacked and discouraged them from paying the ransom money to break the cycle. The Biden administration also promises an incentive to those who do end up paying: ransom payments may now be tax-deductible.
According to the decision, corporations that directly pay ransomware payments are completely entitled to demand a deduction. Business income must be regular and essential to be tax-deductible. Traditionally, companies could deduct losses resulting from more typical crimes like robbery or fraud; however, now there’s proposed tax relief for ransomware. The tax deduction has its restrictions. If the company’s loss is compensated by cyber insurance, then the company cannot deduct the insurer’s reimbursement.
In the aftermath of a succession of high-profile cyber hacks, the Biden administration is mulling over strategies to offset financial stress of companies smashed by ransomware. However, policies are to be made through a lot of critical considerations. To understand what the proposed ransomware tax relief would look like, let’s play a hypothetical situation. Let’s see how much a business can profit from this newly proposed incentive by the U.S. government.
In the United States, there are seven tax rates ranging from 10 percent to 37 percent at the federal level. Taking this into consideration, if the Federal government approves a 37% relief in taxes on the total ransomware attack payment, imagine the savings.
To add some context, let’s recall the shutdown of the Colonial Pipeline in May triggered by one of the largest ransomware attacks creating fuel shortages across the South. The corporation paid a $4.4 million ransom to restore operations. Now, if Colonial Pipeline can claim a 37 percent tax deduction on the total ransom paid, it can expect a return up to $16,28,000 in compensation.
Similarly, Following a hack in March, CNA Financial Corp, one of the largest insurance businesses in the United States, was shut out of their network for nearly two weeks. Finally, the ransomware decryption cost the organization $40 million. CNA can recover up to $14.8 million in this lawsuit.
An attack on JBS S.A., a multinational meat company, halted a quarter of American beef production for two days earlier this month, as the company shut down their computer systems to minimize the scope of the cyber-attack. According to news, JBS paid the hackers $11 million. As per our hypothesis, if the Federal government is serious about ransomware relief, JBS can claim up to $4.07 million under the 37 percent tax rate.
The essential issue is whether or not this new tax deduction policy on ransomware attack payments is a good move. Isn’t it a form of remuneration for the criminals? Instead of providing incentives, shouldn’t the government work to improve cybersecurity?