Ransomware Downtime Cost Calculator
Estimate the total impact of a ransomware attack from downtime, recovery and ransom.
Updated: June 26, 2026
The real cost of ransomware is downtime
When people picture a ransomware attack, they think of the ransom demand. But for most organisations the ransom is a fraction of the total — the dominant cost is downtime: every hour systems are offline, you lose revenue and your staff can't work. Add the cost of recovery (incident response, rebuilding systems, consultants) and the true number is often many times the ransom. This calculator adds those pieces up.
What goes into the estimate
- Revenue lost per hour — sales, transactions or billable work you can't process while down.
- Productivity lost per hour — idle staff: affected headcount × their loaded hourly cost.
- Downtime hours — ransomware recovery commonly runs days, not hours.
- Recovery cost — incident response, forensics, rebuilding, and hardening.
- Ransom demand — shown separately, because paying is generally not advised.
Why we separate the ransom
Law enforcement agencies broadly advise against paying ransoms: payment funds criminal operations, marks you as a willing target, and offers no guarantee of a working decryptor — many organisations that pay still can't fully recover. The calculator shows your total impact without the ransom as the headline, and the "if you paid" figure separately, so the trade-off is explicit.
Turning the number into action
A large downtime figure is the strongest argument for investing in prevention and resilience — tested, offline backups, network segmentation, and a rehearsed incident response plan that shortens recovery time. Use the security ROI calculator to compare this potential loss against the cost of those controls, and the breach cost estimator if data was also exfiltrated (modern ransomware usually steals data too).
An estimate, not a quote
Real incidents vary enormously. This tool is a planning aid to size the risk and prioritise resilience spending — not a prediction of any specific attack.
Frequently asked questions
What's usually the biggest cost in a ransomware attack?
Downtime. Lost revenue and lost productivity while systems are offline typically far exceed both the ransom and the technical recovery cost, because recovery often takes days or weeks.
Should we just pay the ransom?
Generally no. Authorities advise against it — payment funds crime, marks you as a target, and doesn't guarantee recovery. Many who pay still can't fully restore. Invest in backups and an IR plan instead.
How do I estimate productivity loss per hour?
Multiply the number of staff who can't work by their fully loaded hourly cost (salary plus overhead). Even partial impairment across a large team adds up fast.
Does this include data breach costs?
Not directly. Modern ransomware often steals data too. If that applies, add the breach impact using our data breach cost estimator.
Build ransomware resilience
The fastest way to cut downtime cost is to recover faster:
- Immutable / offline backup solution Tested, tamper-proof backups let you restore without paying — the single biggest lever on recovery time.
- Incident response retainer A pre-arranged IR team gets you back online faster, directly reducing the costly downtime window.
Learn more
- What Is Ransomware? How Attacks Work and What They Cost How ransomware actually works, why the ransom is often the smallest cost, and the handful of defenses that make the biggest difference.
- What Is a Data Breach? Causes, Costs and Response What counts as a data breach, the causes behind most of them, why the true cost dwarfs the headline fine, and how to prepare before one happens.
- Security ROI: How to Justify a Security Budget How to turn 'we should invest in security' into a number leadership respects — the ROSI model, with the inputs and pitfalls explained.
Related tools
- Security ROI (ROSI) CalculatorCompute the return on a security investment from expected loss and mitigation effectiveness.
- Data Breach Cost EstimatorEstimate the financial impact of a data breach from records exposed and per-record cost.
- Password Policy GeneratorTurn your password rules into a written policy plus Linux PAM and Windows config.
- GDPR Fine CalculatorEstimate the maximum GDPR penalty from annual turnover and infringement tier.