Ransomware is wreaking havoc on small-to-medium-sized businesses (SMBs) with increasing costs of downtime, according to the fourth annual Global State of the Channel Ransomware Report published by Norwalk’s Datto Inc.

The report, which surveyed more than 1,400 managed service providers (MSPs), charted an 85% increase of ransomware attacks against SMBs over the last two years — up from 79% in last year’s report — with 56% of MSPs reporting attacking against SMB client during the first half of this year.

The MSPs identified phishing emails as the main cause of the attacks, but the report also pointed out MSPs have enabled a two-factor authentication (2FA) security function on only 60% of email clients and 61% of password managers.

Datto also found that 64% of MSPs experienced a loss of business productivity for their SMB clients, while 45% admitted to business-threatening downtime. It put the average cost of ransomware-induced downtime at $141,000, a more than 200% increase over last year’s average downtime cost of $46,800.

Adding insult to injury, the cost of ransomware-induced downtime on SMBs is now 23 times greater than the average ransom request of $5,900. However, Datto pointed out that while 89% of MSPs insisted that SMBs should be very concerned about this digital threat, only 28% of the MSPs admitted that their SMB clients shared their agitation.

“MSPs need to set the tone for their SMB customers when it comes to preparing for and responding to ransomware attacks,” said Ryan Weeks, chief information security officer at Datto. “They need to protect themselves first by improving their organization’s cyber hygiene in order to keep their clients safe.

“MSPs must adopt 2FA universally for any technology they use to service clients, as well as their own business,” he added. “In a climate where cyberattacks have become an everyday occurrence, 2FA across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack.”