What’s more profitable, ransomware or a Forbes Global 2000 business?

Ransomware is one of the most prevalent and impactful methods of extorting an organization or individual in the digital world. Based on new estimates from the FBI, CNN recently reported that cyber-criminals have collected $209 million in the first three months of 2016 from extorting businesses and institutions in order to unlock their computer servers.  At this rate, it’s on pace to be a $1 billion market by the end of the year.

To quantify that figure a bit, we looked at the 2016 Forbes Global 2000 list of the world’s biggest companies to see how their profits compared to that of the ransomware business. We chose to compare the profits of Global 2000 companies as ransomware infrastructure is relatively inexpensive and therefore almost a pure profit business. So how much more lucrative is the ransomware business than the legitimate business world?

The majority of companies,68.7 percent (1,375), in the Forbes Global 2000 are less profitable than the ransomware industry. This includes huge brands such as Amazon.com, BP, and Kraft Heinz Company, among others. The geographic breakdown shouldn’t be that surprising with the United States being home to 383 companies as compared to 112 in China, 63 in the United Kingdom, and 12 in Russia.

Note: There are 2001 companies listed in the 2016 Forbes Global 2000 with Hanwha Chemical and SBA Communications both coming in at the 2000 spot.

The data and interactive analysis for this list can be explored via Tableau here, or by clicking on the image below:
Screenshot 2016-07-05 11.03.43

The Tableau workbook can also be downloaded for your own analysis and to reproduce our findings. This information can be used to frame the magnitude of the problem as it relates to your organization, your existing security controls, and your allocated defensive security budget.
  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.