Vidović, N., Cvetković, V. M., Beriša, H., & Milašinović, S. (2025). Understanding Ransomware Through the Lens of Disaster Risk: Implications for Cybersecurity and Economic Stability. International Journal of Disaster Risk Management, 7(1), 247–264.
Understanding Ransomware Through the Lens of Disaster Risk: Implications for Cybersecurity and Economic Stability
Nikola Vidović1, Vladimir M. Cvetković 1,2,3*, Hatidža Beriša4, Srđan Milašinović5
1 Faculty of Security Studies, University of Belgrade, Gospodara Vucica 50, 11040 Belgrade, Serbia; vmc@fb.bg.ac.rs (V.M.C); vidovicnikola.finance@gmail.com (N.V.);
2 Safety and Disaster Studies, Chair of Thermal Processing Technology, Department of Environmental and Energy Process Engineering, Montanuniversitaet, Leoben, Austria; vladimir.cvetkovic@unileoben.ac.at
3 Scientific-Professional Society for Disaster Risk Management, Dimitrija Tucovića 121, 11040 Belgrade, Serbia;
4 University of Defence, Military academy, Belgrade – Republic of Serbia, Veljka Lukića Kurjaka 1, 11000 Belgrade, hatidza.berisa@mod.gov.rs.
5 University of Criminal Investigation and Police Studies, Cara Dušana 196, Belgrade, srdjan.milasinovic@kpu.edu.rs.
* Correspondence: vidovicnikola.finance@gmail.com.
Received: 30 December 2024; Revised: 14 February 2025; Accepted: 13 April 2025; Published: 30 June 2025.
Abstract
Ransomware has emerged as a modern digital crisis, mirroring the widespread disruptions typically associated with natural or artificial disasters. As global economies grow increasingly interconnected through digital systems, the fallout from ransomware attacks stretches far beyond mere technical breaches. These incidents result in severe financial damage, disrupt operations, erode reputations, and contribute to broader socioeconomic instability. This study adopts a disaster risk perspective to examine the broader economic and social impact of ransomware, particularly its effects on critical infrastructure and public trust in institutions. Through a multi-case analysis of sixteen significant ransomware attacks between 2015 and 2025, the research highlights a recurring pattern: direct and indirect costs often compound, with impacts varying from ransom demands and halted services to reputational loss and sector-wide vulnerabilities. The rise of Ransomware-as-a-Service (RaaS) has also made these attacks more accessible and complex, deepening the threat landscape. The findings underscore the need to integrate cybersecurity into comprehensive disaster risk management strategies. Policymakers, institutions, and businesses must adopt a forward-looking approach—emphasising continuous risk evaluation, resilient digital infrastructure, and collaboration across sectors. To protect economies from escalating cyber threats, adaptive regulations and anticipatory defences are no longer optional—they’re essential.
Keywords
Ransomware; cybersecurity; disaster risk; digital economy; financial impact; critical infrastructure; cyber resilience; socio-economic consequences; risk governance; ransomware-as-a-service (RaaS).
Copyright: © 2024 by the authors.
Introduction
In the current digital economy, over 60 per cent of commercial transactions occur online, exposing cyberspace to vulnerabilities and necessitating high-quality security for optimal and transparent transactions (Valackienė & Odejayi, 2024). Insights from last year’s World Economic Forum (2024) underscore that global financial stability faces threats from the rising frequency and sophistication of cyberattacks. Tactics have evolved through the use of artificial intelligence, ransomware-as-a-service, and advanced social engineering techniques, enabling attackers to bypass traditional cyber defences. This notion is further supported by various insurance companies assessing cybersecurity risks in businesses (Hiscox Group, 2024), which highlights the crucial role of cybersecurity in the global economy (Kala, 2023). More than 5.4 billion people and countless groups and organisations actively use the internet. According to estimations and remarks from Kuzior et al. (2022, 2024), the digital transformation market is projected to grow from $469.8 billion in 2020 to $1.01 trillion in the 2025 business year. It may reach up to $3.9 trillion by 2027, with a compound annual growth rate of 16%. 1%.
Despite the increasing literature on ransomware’s technical elements, there remains a shortfall in integrated analysis connecting financial impacts to broader disaster risk perspectives (Cvetković, Renner, & Jakovljević, 2024; Jurišić & Marceta, 2024; Mokhele, 2024; Molnár, 2024; Rebouh, Tout, Dinar, Benzid, & Zouak, 2024; Umer, 2024; Vidović, Cvetković, & Beriša, 2024). Understanding the economic stability implications of ransomware and its effects on critical infrastructure and public trust is a significant research gap in the realms of cybersecurity and risk governance. While numerous studies have delved into the technical dissection of ransomware attacks, few have investigated their broader consequences on financial stability, sectoral resilience, and public trust through a holistic, disaster-centric analytical framework (Axon, Erola, Agrafiotis, Uuganbayar, Goldsmith, & Creese, 2023; Benmalek, 2024; Connolly, Wall, Lang, & Oddson, 2020; Goodell & Corbet, 2022; Molina, Torabi, Sarieddine, Bou-Harb, Bouguila, & Assi, 2022; Mott et al., 2024; Pattnaik et al., 2023; Reshmi, 2021; Wollerton, 2023; Zimba & Chishimba, 2019). This research seeks to address this gap. Given the increasing intensity, frequency, and extensive impact of ransomware attacks, these incidents lend themselves to interpretation within a disaster risk framework.
According to the United Nations Office for Disaster Risk Reduction (UNDRR), disaster risk is defined as the potential loss of life, injury, or destroyed or damaged assets that could occur to a system, society, or a community in a specific period, determined probabilistically as a function of hazard, exposure, vulnerability, and capacity (Cvetković, 2023; Cvetković, 2024a, 2024b; Cvetković & Grbić, 2021; Cvetković, Nikolić, & Ivanov, 2023; Cvetković & Renner, 2024; Cvetković & Šišović, 2024; Cvetković, Tanasić, Renner, Rokvić, & Beriša, 2024; Cvetković, 2024a; Cvetković, Dragašević, Protić, Janković, Nikolić, & Milošević, 2022). When viewed through this lens, ransomware can be seen as a digital hazard that disrupts systems at scale, amplifies vulnerabilities, and tests institutional readiness to absorb and recover from shocks. Like natural or technological disasters, ransomware strikes often occur abruptly, cause widespread disruption, and require coordinated responses across multiple sectors (Al-ramlawi, El-Mougher, & Al-Agha, 2020; Aleksandrina, Budiarti, Yu, Pasha, & Shaw, 2019; Carla, 2019; Cvetković, 2019; Cvetković & Janković, 2020; Cvetković & Martinović, 2020; Cvetković & Šišović, 2024; Cvetković, Tanasić, Ocal, Kešetović, Nikolić, & Dragašević, 2021; Kumiko & Shaw, 2019; Perić & Cvetković, 2019; Vibhas, Bismark, Ruiyi, Anwaar, & Rajib, 2019; Wedawatta, 2012). This perspective broadens the understanding of ransomware—framing it not solely as a cybersecurity issue, but as a form of digital disaster with profound economic, societal, and institutional implications.
Scalability and anonymity uniquely characterise cyberattacks (Tarter, 2017). As digital transformation accelerates, vulnerabilities proliferate across customer channels (Farahbod et al., 2020), affecting business operations, supply chains, and human capital. This occurs unless security is integrated into the initial designs (George et al., 2024). The increasing complexity of cyberspace exacerbates cyber inequalities, widening the gap between large and small businesses and deepening the divide between developed and emerging economies, creating sectoral disparities (World Economic Forum, 2025). Securing a digital future is crucial in this age of technological advancement and interconnectedness. This commitment to effective cybersecurity is essential for individuals, organisations, and societies (Cobos, 2024; Thakur, 2024).
The central aim of this paper is to examine ransomware as a complex, multidimensional threat that extends beyond traditional cybersecurity narratives. These narratives often focus narrowly on technical vulnerabilities, breach response, and system recovery, without addressing the broader systemic, financial, and social ramifications of large-scale cyber incidents. By situating ransomware within the broader framework of disaster risk, the study evaluates its immediate financial impacts—such as ransom payments, recovery expenditures, and operational disruption—and its longer-term effects, including reputational harm, institutional instability, and socio-economic disparities. This perspective offers a more comprehensive understanding of ransomware as a digital hazard with systemic implications, capable of eroding economic resilience, compromising critical infrastructure, and eroding public confidence in both governmental and private institutions. Ultimately, the paper seeks to inform the development of integrated risk governance strategies that reflect the dynamic and interconnected nature of today’s cyber threat landscape. Methodologically, the study draws upon a structured qualitative framework rooted in multiple case studies. The selected cases span diverse geographical and sectoral contexts and are analysed using thematic coding to identify patterns of financial loss, institutional disruption, and socio-economic consequences.
Additionally, this study employs a multiple case study framework, examining sixteen globally significant ransomware incidents that occurred between 2015 and 2025. The analysis draws on various sources, including institutional documents, academic publications, and financial reports. The paper is organised as follows: Section 2 reviews the theoretical underpinnings and economic dimensions of cyberattacks; Section 3 introduces a classification of ransomware threats; Section 4 details the research methodology; Sections 5 and 6 analyse the financial, economic, and social impacts; and Section 7 concludes with key takeaways for policy and practical applications.
Methods
This research employs a qualitative-descriptive approach, utilising multiple case studies to examine the financial, operational, and societal impacts of ransomware, with a focus on its disaster-like effects and sector-wide ripple effects. A purposive sampling method was used to select sixteen significant ransomware cases from 2015 to 2025. These incidents involved private companies, public entities, critical infrastructure, and even national governments. Selection criteria included data availability, the scale of financial impact, and variation in attack methods and targeted sectors. Data were sourced from various sources, including peer-reviewed studies, institutional reports, cybersecurity datasets, published financial records, and media coverage.
A structured thematic analysis was employed to explore the complex impacts of ransomware attacks. The findings were organised into four main categories: (1) direct financial losses, including ransom payments, data recovery costs, and downtime-related expenses; (2) indirect financial losses, such as rising insurance premiums, legal and compliance costs, and revenue decline from lost customers or contracts; (3) broader economic disruptions, encompassing supply chain breakdowns, service delays, productivity losses, and liquidity challenges; and (4) reputational and societal effects, including diminished public trust, psychological strain on employees and citizens, breaches of data privacy, and weakened institutional credibility. This framework provides a comprehensive view of ransomware—not just as a cybercrime, but as a disruptive phenomenon with devastating consequences across economic and social domains. To frame these findings, the study adopts a disaster risk perspective, treating ransomware as a complex socio-technical threat that can destabilise economies and weaken infrastructure resilience. Cross-case comparisons revealed recurring patterns and vulnerabilities, providing the basis for informed policy discussions and governance recommendations in cyber risk management.
Impact of cyber attacks on digital society and economy
The COVID-19 pandemic has prompted many business entities, primarily from the public and private sectors, to adopt a hybrid business environment that incorporates remote work. Initially, it had a positive impact on both the human capital of companies and their economic and financial results. However, it has also caused an exponential increase in risks due to the use of unsecured devices and applications based on Cloud directories for data transfer (Rahman & Islam, 2022), thereby expanding the exposure of companies to potential attacks, while at the same time, cybercriminal actors are taking advantage of this established dependence of individuals and legal entities on digital technologies (Cook et al., 2023).
Table 1. Regional distribution of the cost impact of cyberattacks. Source: Authors calculation based on data (Sviatun, et al., 2021).
| Area / Region | Regional GDP (in trill. $) | Costs of cyberattacks (in bill. $) | Losses caused by cyber attacks (in % of GDP) |
|---|---|---|---|
| North America | 20.2 | 140-175 | 0.69-0.87 |
| Europe & Central Asia | 20.3 | 160-180 | 0.79-0.89 |
| East Asia and the Pacific | 22.5 | 120-200 | 0.53-0.89 |
| South Asia | 2.9 | 7-15 | 0.24-0.52 |
| Latin America and the Caribbean | 5.3 | 15-30 | 0.28-0.57 |
| Sub-Saharan Africa | 1.5 | 1-3 | 0.07-0.20 |
| Middle East and North Africa | 3.1 | 2-5 | 0.06-0.16 |
| Global | 75.8 | 445-608 | 0.59-0.80 |
The impact of costs and losses from cyber incidents and attacks varies by territory. The results of the authors’ empirical research (Sviatun et al., 2021) show that the highest loss rate as a percentage of GDP is found in Europe and Central Asia, North America, and East Asia and the Pacific. Countries from these regions are characterised by high income and income rates, more advanced technological infrastructure, and a high degree of urbanisation, education, and business digitalisation (Tariq, 2018).
Globally, the impact of cyberattacks on the world economy is significant (Schwarz et al., 2021), as this sophisticated social phenomenon is rooted in deep and comprehensive geographical and socioeconomic causes (Chen et al., 2023). Cyber threats also impact an organisation’s revenue, reducing it through lost sales, contracts, market share, additional funding, or licenses. In a business context, these typically include marketing and commercial aspects related to sales. However, we also consider that some revenue may not necessarily have such an origin, for example, in public and non-profit organisations (Couce-Vieira et al., 2020).
A cyber incident that disrupts the functioning of vital service segments of critical infrastructure can cause widespread chaos, endanger lives, and cause long-term socioeconomic damage to the economy. While the security of digital components in critical infrastructure serving essential services is crucial to maintaining resilience, the combination of digital capabilities and physical components introduces new potential risks arising from the combined effect of digital vulnerabilities and the complexity of the physical world (International Chamber of Commerce, 2024).
Vector modalities and attack classification
The digital age has given rise to a wide range of cybersecurity threats that exploit vulnerabilities in technology, processes, and human behaviour (Thakur, 2024). Ransomware, malware, and distributed denial-of-service (DDoS) attacks are examples of evolving cyberattack methods (Cremer et al., 2022).
Of the above vector modalities, ransomware attacks are classified as a distinct form of high-tech crime experiencing the highest growth rate for years. According to research by Putnik et al. (2022), estimates indicate that every 11 seconds, one legal entity becomes a victim of a ransomware attack. Unlike viruses that attach to trusted files or applications and damage or destroy them when launched, worms are a type of malicious software that spreads without user interaction, causing network congestion, computer system slowdowns, or disruptions in basic operating processes (Thakur, 2024). The evolution of ransomware through improvements in the use of encryption and attack vectors, developed attack monetisation modalities, and financial flows through digital payment currencies, which conceal the identity of the contracting party in repayments, defines it as the prevailing malware today (August, et al., 2019). Since this attack modality is based on extortion, it infects a computer system and prevents access to files, data, and other confidential information, as well as access to the entire system.
Initially, ransomware attacks required human interaction. Looking at the genesis of their development, however, this is no longer necessary for the initial infection or its spread through a computer system. Ransomware now has the characteristics of worm malware, which moves from infected to unprotected systems in the same computer network without interaction or additional participation of the attacker (August, et al., 2022). Today, ransomware, the fastest-growing and most complex type of cyberattack, does not require technical knowledge and has a broad scope of action, providing anonymity to the attacker. As a result, it poses a serious risk to global economic flows (Chin, 2024).
The relentless evolution of malicious software poses a significant challenge to cybersecurity, with ransomware emerging as a ubiquitous and destructive threat (Krivokapić et al., 2023). Malware, designed to disrupt electronic devices, constantly evolves, hampering efforts to mitigate its impact. The lack of public disclosure regarding malware attacks, driven by concerns about sensitive information and potential reputational damage, hinders collaborative prevention efforts and makes comprehensive research difficult (Muniandy et al., 2024).
Its attack cycle includes exploitation, infection, delivery, execution, backup manipulation, file encryption, user notification, and cleanup (Muniandy et al., 2024). New techniques have increased the profitability of attacks and the likelihood of success. This includes targeting high-value business entities and ransomware as a service (Gulyas & Kiss, 2023), where ransomware criminals sell customised software packages to the user (The Financial Action Task Force, 2023).
Ransomware as a Service (RaaS) refers to a criminal business model in which ransomware criminals provide ransomware software kits on the Dark Web or engage in elements of a ransomware attack, including malware distribution, initial compromise of the victim’s network, data exfiltration, or ransom negotiations for affiliates in exchange for a fee and/or a percentage. Criminals may also purchase stolen credentials to access and exploit victim systems, enabling ransomware distribution, and may obtain intelligence on specific industries in specific jurisdictions to inform their targeting and maximise the effectiveness of their attack (The Financial Action Task Force, 2023). The RaaS model has reduced the cost and technical expertise required to conduct ransomware attacks, thereby lowering the barriers to entry and enabling less sophisticated criminals to engage in such activities.
As one case study in this research, ransomware is an economically destructive phenomenon that leads to real-world security consequences that often exceed the costs of paying the ransom. In addition to the loss of revenue that an organisation may suffer, some other costs are obvious and some are not. The more obvious costs include paying the ransom (if paid), remediation of the incident, new hardware, software, and incident response services, insurance deductibles, legal fees and litigation, and public relations (Seng et al., 2024).
Financially motivated ransomware attacks utilise vectors such as email, spam, and phishing, making tracking difficult due to the use of virtual currencies like Bitcoin to pay ransoms. Several notable ransomware variants, including BadRabbit, BitPaymer, Cerber, Cryptolocker, Dharma, DoppelPaymer, GandCrab, Locky, Maze, MeduzaLocker, NetWalker, NotPetya, Petya, REvil, Ryuk, SamSam, and WannaCry, have contributed to this evolving threat landscape (Muniandy et al., 2024), some of which are sampled for analysis in this study.
Classification of ransomware costs and expenses
A comprehensive approach to the economic aspects of cybersecurity must include a thorough consideration of the direct and indirect costs of cybersecurity measures, as pointed out by researchers (Lis & Mendel, 2019), and the expected damage caused by cyberattacks, especially the type of ransomware attacks studied in the cyberspace of the digital economy. Financial motives for cyber incidents and attacks are the dominant motive in their analysis, accounting for 74% of detected cyber incidents globally and 80% in high-income countries, according to Cobos (2024). In contrast, only 41% of detected incidents in developing countries were primarily financially driven.
By differentiating costs in accounting, a clear division has been formed into direct and indirect costs arising from a cyber attack (Cashell et al., 2004). In this case, direct costs include returning the entire computer system to its original state before the cyber incident, which includes additional expenditures on labor and materials but also depends on increased resource expenditures on cybersecurity (software or hardware upgrades).
Direct cost is the monetary equivalent of losses, damage, or other suffering experienced by an individual victim as a result of a cyberattack, which includes the loss of monetary value and related inconvenience (Wang et al., 2019). When accounting for and treating investment costs in cybersecurity, it is necessary to consider, according to Kunzler (2023), the investment matrix that balances the potential costs of a cyber attack, its associated risks, and the costs of security measures. Then there are the costs arising from the interruption of the entity’s operational business, which include lost revenue from the sale of goods, works and services, as well as the loss of productivity, which, under the influence of the domino factor, spreads to customers (Fotis, 2024) but also suppliers (Jimmy, 2024), as well as to the entire organisation (Onuka et al., 2023).
Indirect costs include the type of costs that tend to increase after a cyberattack and immediately after the initial damage to the business entity is repaired, and arise from loss of reputation, damage to the brand, loss of customers, insurance costs and premiums (ThankGod, 2024), litigation and tax costs, economic damage to the parent entity’s subsidiaries, higher investments in cybersecurity for preventive response and opportunity costs of budget resource allocation. They are mainly associated with the economic concept of negative externalities on third parties (Lis & Mendel, 2019). Therefore, indirect costs are characterised by a predominantly intangible nature (Wang et al., 2019), and their consequences are multiple because they affect different aspects of the business, consumers and the broader economy (Cobos et al., 2024).
Table 2. Typology of the most significant direct and indirect losses and costs caused by ransomware attacks.
Direct losses
Indirect losses
Payment of the ransom
Recovery process which includes investigation costs, verification costs for checking the system (diagnostics and remediation) and restoration costs to restore the system to the network (testing)
Data breach
Loss of data as an operating loss caused by business interruption
Other claims for liability for losses suffered by third parties
Loss of customers and business clients
The market value or replacement value of the property or services destroyed
Loss of reputation
The critical distinction between the direct and indirect costs of ransomware attacks lies in the exponential growth potential of indirect losses arising from them, compared to the finite limit of direct losses. This dynamic represents a disproportionate burden on society (Cobos, 2024) and has far-reaching consequences for the digital economy, which spills over into the real physical economic sector and business.
Analysis and financial assessment of the consequences
The analysis reveals that cybersecurity is a multidimensional, heterogeneous, and dynamic challenge among countries, which may face different optimisation problems depending on their threat environment (Cobos, 2024). It encompasses economic, political, social, digital, and technical-technological aspects. The distribution and proliferation of detected cyber incidents by income and geographical regions are complex and influenced by several interrelated factors, such as economic prosperity, political stability, cybersecurity capacity, and geopolitical tensions (Cobos et al., 2024).
Investing in security technologies represents a capital expenditure. However, as Lee (2021) states, the optimal investment comes at the point where the marginal increase in the price of a cyber investment is equal to the marginal reduction in the financial loss from a cyber attack. Analysing the subject sample through case studies, it was found that the implementation of robust cybersecurity measures effectively reduced the occurrence of financial data breaches. Through comprehensive encryption protocols and multi-factor authentication, organisations were able to improve the security of sensitive financial information (Grace, 2023).
Based on available data, the median reported direct loss and damage to a company from all cyber incidents was around $0.4 million, with three-quarters of reported losses below $2.8 million (International Monetary Fund, 2024). However, the distribution is highly skewed, with some incidents incurring losses of hundreds of millions of US dollars and accumulating financial damage of several billion dollars. Such extreme losses can lead to liquidity problems for business entities and even threaten their solvency.
Ransomware can cause significant negative consequences for the victim, including non-recovery and recoverable costs. The various types of damages that can occur include financial losses, such as ransom payments and the recovery process, operational losses caused by business interruption, and data loss resulting from data breaches, which will be discussed in detail below. However, ransomware can also affect third parties, giving rise to liability claims for losses suffered by these parties, including loss of customers and reputational damage (Krivokapić et al., 2023).
Econometric analysis suggests that digitalization and geopolitical tensions significantly increase the risk of cyber incidents (International Monetary Fund, 2024). Based on an extensive survey of available data from previous empirical research, literature, news articles, and official databases of international institutions reporting on cyber attacks, the analysis identified the factors of financial damage, expenditures, and costs caused by ransomware attacks in a sample of 16 case studies over the period 2015 to 2025.
Table 3 outlines the direct and indirect financial damages linked to sixteen major ransomware incidents reported between 2015 and 2025. Direct losses range from moderate figures—such as $1.87 million in the Technion University case—to extreme levels, including the $10 billion damages reported in the MOVEit and NotPetya attacks. While direct costs are often substantial, indirect losses carry even more profound implications. These include legal fees, regulatory fines, system recovery expenses, and long-term disruptions to business continuity. Particularly severe financial impacts were observed in cases involving critical infrastructure and healthcare systems. Overall, the findings underscore the disproportionate growth of indirect costs relative to direct ones, highlighting the potential of ransomware to trigger systemic economic instability.
Case study
Case study
Financial damage, expenses and costs
Indirect
$15.2 million in damages and further costs of service interruptions, loss of revenue from disabled apps and services, legal costs, class action lawsuit
$70 million
Loss of revenue due to service interruptions, legal costs and capital expenditures for system restoration
$1.66 billion (2.4% of the country’s GDP)
$4,4 million
Estimated losses of over $420 million per day. Costs due to downtime in operations include loss of revenue, breach of contractual obligations, and increased operating costs resulting from system restoration and crisis management.
Increased costs for repairs and restoration of the system. Negative impact on import/export logistics.
$10 billion
Multiplier factor of ongoing costs (operating costs due to business downtime, legal costs and damages to affected users)
$1.87 million (80 bitcoin – BTC)
$22 million
Postponement of exams, blocking networks, temporary loss of access to data, blocking of the website. Loss of reputation and trust in academic institutions.
$8.87 billion ($2.87 billion – response costs and $6 billion – assistance to health care providers, as well as litigation costs)
Company “Enel Group” (2020)
$14 million
$5,7 million
Costs for system recovery, loss of confidence in security, increased costs on technological improvements
Company “Garmin” (2020)
$10 million
Direct
Financial damage, expenses and costs
No.
Indirect
9
Company
„Kaseya Inc.“ (2021)
Costs for remediation of damage to computer systems and restoration of operational processes, loss of production, loss of reputation
10
$30 million
11
Company
„Colonial Pipeline“ (2021)
Republic of Costa Rica (2022)
Costs caused by the loss of important data can result in significant disruptions to the functioning of organisations. Loss of productivity where business entities were forced to invest large amounts in the recovery of the system, which led to exponential growth in operating expenses
12
Losses due to production disruptions, delivery delays, and additional costs for recovery and investments in cybersecurity
13
University and Research Institute “Technion” (2023)
Data Transfer Software “MOVEit” (2023)
Millions of dollars in losses due to impact on key services and organisations
14
Loss of data, downtime, loss of reputation
15
Company
„Change Healthcare Inc.“
(2024)
Loss of data, reputational damage, disrupted operation of organisations
16
Company “Southern Water” (2025)
$84.02 million (data recovery expenses, legal fees, and disclosure fees – company GDPR compliance penalties)
Table 3. Analysis of financial damage, expenses and costs of ransomware attacks in the period 2015-2025 business year. Source: authors calculation and research.
No.
1
2
3
4
Malicious program code “NotPetya” (2017)
5
Ransomware attack
„WannaCry“ (2017)
6
Ryuk Ransomware (2018–present)
7
8
SamSam Ransomware (2016-2018)
Locky Ransomware (2016-2018)
DoppelPaymer Ransomware (2019-present)
Cryptolocker (2015)
$18 million
$6 million
$1 billion
$10 billion
$4 billion
$150 million
$43,27 million
Direct
Table 4 broadens the focus by categorising each incident’s economic and social outcomes. A consistent pattern emerges: essential services—such as healthcare, transportation, education, and public administration—are frequently disrupted. These service interruptions are often accompanied by public distrust, reputational setbacks, and heightened psychological stress. In critical cases, such as
254
International Journal of Disaster Risk Management • Vol. 7, No. 1 •
Company “Garmin” (2020)
Consequences Economic
Case study
9
Social
Consequences
No.
Case study
Economic
No.
Increased risk of future attacks, reputa- tional damage, system restoration costs, and legal costs
10
Company
„Kaseya Inc.“
(2021)
255
International Journal of Disaster Risk Management • Vol. 7, No. 1 •
Disruption of many companies, in- creased renewal costs, legal processes, decline in trust in the IT sector
Company
„Colonial Pipeline“ (2021)
Republic of Cos- ta Rica (2022)
Fuel outages were reported across the U.S. Southeast, especially in states such as Georgia, North Carolina, and Virginia. People panicked and rushed to buy fuel, which led to shortages at the supply stations.
Loss of personal data, stress for individuals, erosion of trust in data security
Deterioration of public confidence in the safety of infrastructure, stress for citizens
Erosion of user and patient trust, stress for employees, data privacy risks
11
Increased distrust in public and
Huge drop in production, inter- ruption in operations, long-term consequences on business produc- tivity
Table 4. Analysis of economic and social consequences of ransomware attacks
in period 2015-2025 business year. Source: Authors calculation and research.
1
2
SamSam Ransom- ware
(2016-2018)
Cryp- tolocker (2015)
Significant disruptions in work processes, increased recovery costs, loss of efficiency
3
Locky Ran- somware (2016-2018)
Increased recovery costs, loss of trust in IT security, large techno- logical investments for recovery
4
Malicious program code “NotPetya” (2017)
Significant losses have been re-
Disruptions in fiscal and tax systems, non-payment of salaries to employees,
private financial institutions, a de- ported in global companies such as
Understanding Ransomware Through the Lens of Disaster Risk: Implications for Cybersecurity and Economic Stability
12
crease in spending, and a negative Maersk, FedEx, and Merck, among impact on confidence in the health others. Disruption in the transport
paralysis of public services.
13
Data Trans- fer Software “MOVEit” (2023)
Global revenue losses for affected firms and organisations, loss of competition in specific sectors
14
University and Research Insti- tute “Techn- ion” (2023)
Disruptions to the university’s work, including the postponement of impor- tant academic activities such as exams, affect students and the academic calen- dar. Potential risk to research and sensi- tive data in the field of cybersecurity.
15
Company
„Change Healthcare Inc.“
(2024)
Severe disruptions in the processing of medical claims and payments,
significant disruptions in the healthcare industry
16
Company “Southern Water” (2025)
Loss of data, interruption in water supply, damage to reputation
sector, as vaccine production was interrupted.
Disruptions to public services, especially in health care facilities, cancellations of 19,000 medical appointments, loss of life in some cases, negative impact on the business of NHS, FedEx, Telefónica, and others
Deterioration of public trust in data and infrastructure security, stress for workers and citizens
Potential loss of life (in the case of the Düsseldorf hospital), violation of public trust, stress for employees
Potential loss of customer trust, impact on reputation and data security
and logistics sector. Increase in the
price of goods that did not arrive on time.
5
Ransomware attack „Wanna- Cry“ (2017)
The enormous damage to large corporations, particularly in industries such as healthcare and logistics, has a significant econom- ic impact on a global scale.
6
Ryuk Ransom- ware (2018– present)
DoppelPaymer Ransomware (2019-present)
Major business interruptions, disruption of public services (especially in health care and municipalities)
7
Significant recovery costs, loss of trust in IT security, high costs of legal and security services
8
Compa- ny “Enel Group” (2020)
Huge financial costs on restoring the system and recovering from attacks
WannaCry and the Colonial Pipeline incident, the consequences escalated into public safety con-
cerns, prompting governmental intervention and emergency actions. This division between eco- nomic and social impacts further highlights the multifaceted nature of ransomware, which resem- bles disaster events in its capacity to disrupt digital infrastructures and societal stability.
No.
Cryptolocker SamSam Ran-
Vector methodology of cyber attack and incident
Table 5. Analysis of vector metodology of ransomware attacks
in period 2015-2025 business year. Source: Authors calculation and research.
1
(2015)
Phishing emails, malicious attachments, data encryption, and ransom demand
2
somware (2016-2018)
256
International Journal of Disaster Risk Management • Vol. 7, No. 1 •
Manual delivery, attacks on JBoss servers, abuse of RDP and VPN vulnerabilities, privilege escalation, subsequent data encryption
3
Locky Ransomware (2016-2018)
Phishing attacks utilise malicious Word documents to trigger macros, resulting in ransomware down- loads. Once activated, Locky encrypts a wide range of data types, including data on network com- ponents. It used a combination of RSA and AES encryption, making the data inaccessible without
a decryption key that could only be obtained by paying the ransom.
4
Malicious program code “NotPetya” (2017)
attack „Wanna- (2018–pres-
An attack through compromised Legitimate Soft- ware Updates (M.E.Doc). The malware spread like a worm, disguised as ransomware, but the goal was to cause destruction, not extort money.
5
Ransomware
Cry“ (2017)
The attack exploited a security vulnerability in Microsoft Windows operating systems (Eternal- Blue exploit)
6
Ryuk Ran-
DoppelPaymer Company
somware
ent)
An attack that begins with a compromise of a net- work (usually via TrickBot), delivered manually, involving network mapping and data exfiltration before launching the attack.
7
Ransomware (2019-present)
Sfir -phishing attacks, exploitation of out-of-date vulnerabilities, network mapping, privilege escala- tion, fast encryption of offline data
8
“Enel Group” (2020)
Attack via Netwalker and Snake ransomware, encrypting data within the company
Case study
Consequences Social
Nikola Vidović, Vladimir M. Cvetković, Hatidža Beriša, Srđan Milašinović
Loss of customer trust, possible negative impact on corporate reputation and future sales
Difficulties for small and large companies, reducing trust in the security of digital platforms
Gas stations have been closed, fuel prices have risen, and transportation, including air travel, has been disrupted. Citizens and public services have been affected by fuel shortages. Social tensions due to shortages.
There is a growing concern among citizens about disrupted government services and an increased fear of compromised sensitive data. The impact on the public sector and the living standards of citizens who depend on state services, as well as the increased burden on public services.
65 million users harmed, privacy violations, personal and corporate data compromised
Loss of confidence in the security of academ- ic institutions, disruptions in student activ- ities. Public pressure on the university and the government to respond to the attacks.
Data exposure of 190 million people, massive legal proceedings, patient trust significantly damaged
Potential disruption of services for citizens, increased stress for employees
Table 5 details the attack vectors and techniques used across the analyzed cases, revealing a clear progression in complexity. Early methods, such as phishing emails and malware attachments (e.g., CryptoLocker, Locky), have evolved into advanced, multi-vector attacks employing zero-day exploits, supply chain breaches, and ransomware-as-a-service models. Tactics now often include automation, stolen credentials, and lateral movement within networks, reflecting a trend toward more scalable and professionalised cybercrime. Encrypted communications and anonymous payment systems—most notably cryptocurrency wallets—continue to hinder attribution and response. This evolution supports the interpretation of ransomware as more than just a criminal act, positioning it as a form of digital disaster within contemporary risk governance frameworks.

| No. | Case study | Vector methodology of cyber attack and incident |
|---|---|---|
| 9 | Company “Garmin” (2020) | The attack utilised WastedLocker, which was developed by the notorious group Evil Corp. Systems were encrypted, and services such as Garmin Connect, flyGarmin, Strava, and inReach were rendered inaccessible. The attackers demanded $10 million to decrypt the data. |
| 10 | Company “Kaseya Inc.” (2021) | The attack was carried out through Kaseya VSA software, which allowed malware to be inserted, encrypting data on more than 1,000 systems. The attackers demanded a ransom of $70 million in Bitcoin. |
| 11 | Company “Colonial Pipeline” (2021) | The attackers, who were members of the hacker group Darkside, gained access through an employee’s VPN account and applied data encryption software. |
| 12 | Republic of Costa Rica (2022) | The attackers used ransomware to coordinate attacks on multiple government agencies (Ministry of Finance, Ministry of Education, Social Security Fund). |
| 13 | Data Transfer Software “MOVEit” (2023) | Ransomware group “Clop” exploited a zero-day vulnerability in “MOVEit” software |
| 14 | University and Research Institute “Technion” (2023) | The attackers used the software DarkBit, which targets Windows operating systems. They added the “Darkbit” to the “AES-256” encryption to encrypt data. |
| 15 | Company “Change Healthcare Inc.” (2024) | Citrix portal without multi-factor authentication, data exfiltration, file encryption |
| 16 | Company “Southern Water” (2025) | Attack through Black Basta ransomware, use of phishing attacks or vulnerabilities in the network |

-
Discussion
The evidence presented in this paper reinforces the classification of ransomware as a high-impact, cross-border threat that mirrors large-scale disruptive events typically categorized as disasters. Its spread through digital infrastructure, exploitation of systemic weaknesses, and far-reaching secondary effects—particularly on public trust, service continuity, and social stability—position ransomware within the broader category of complex socio-technical risks requiring coordinated, multisectoral responses (Andersen, 2025; Axon et al., 2023; Connolly & Wall, 2019; Moussaileb, Cuppens-Boulahia, Lanet, & Bouder, 2021; Nagar, 2024; Robles-Carrillo & García-Teodoro, 2022; Singh & Sittig, 2016; Sudheer, 2024; Wilner et al., 2019; Yuste & Pastrana, 2021).
Notably, the concentration of indirect and intangible costs in essential sectors like healthcare, utilities, and government services reveals a significant policy gap: the absence of adaptive cyber resilience frameworks tailored to critical infrastructure (Cvetković, 2013; Cvetković & Kezunović, 2021; Cvetković, 2024b; Hromada & Lukas, 2012; Koliou, van de Lindt, Ellingwood, Dillard, Cutler, & McAllister, 2018; Mijalković & Cvetković, 2013; Vidović, Cvetković, & Beriša, 2024). This issue is especially pressing in transition and lower-capacity economies, where digital advancement often outpaces the development of effective risk management systems. The proliferation of ransomware-as-a-service (RaaS) further enlarges the threat landscape, increasing the volume of attacks and diversifying their targets—strengthening the case for framing ransomware as an evolving disaster phenomenon.
Over the last decade, an exponential growth in ransomware strains and changes in the malware market have been identified, which implicitly affect the challenges, risks, and threats to the barriers that prevent large-scale cyber attacks (August et al., 2019). A comprehensive analysis of empirical evidence and data has produced a systematic overview in Tables 3, 4 and 5 of this paper. The period from 2015 to 2019 was identified in the analysis as an early stage of gradual but exponential growth in cybercrime, including ransomware attacks, which resulted in significant losses and financial damage, primarily comprising direct and indirect costs that were unpredictable per attack. The most significant case studies were found to be the “Locky”, “NotPetya” malware and “WannaCry” ransomware attacks. Then, from the end of 2019, the crisis caused by the coronavirus pandemic occurred, which in 2020 was a catalyst for the development and vector distribution of ransomware attacks through a rapid degree of digitalisation and the establishment of a hybrid business model, primarily on critical infrastructure as a vital interest of every state, through the health sector, the financial sector and the energy sector.
Collectively, the findings from Tables 3, 4, and 5 strengthen the framing of ransomware as a form of digital disaster. These incidents share key characteristics with traditional disasters—unpredictability, large-scale disruption, cascading impacts, and significant financial and human costs. The comparative analysis highlights that attacks targeting healthcare and government sectors often result in the highest indirect losses and the most profound societal consequences. This underscores the need for cyber resilience efforts to prioritize sectors that are both highly dependent upon and vulnerable to digital infrastructure. Additionally, the evolution of attack methods underscores the need for ongoing adaptation in technical defences and organisational risk management strategies.
By establishing continuous monitoring of threats arising from ransomware attacks, it was found that in 2021, there were record ransom payments for ransomware attacks ($1.1 billion), indicating the growth of cybercrime and the characteristic of greater profitability of cyberattacks on the digital economy. In 2022, the number of reported cyberattacks continued to grow, and the financial damages were significant – indicating increased incidents and a growing, primarily negative impact on the economy. Total global losses from cyberattacks in 2023 exceeded $12.5 billion, representing a 22% increase from the previous year. Ransomware attacks were among the most significant. In the first half of 2024, payments to victims of ransomware attacks totalled $460 million, representing a 2% increase compared to the same period in 2023. Projections indicate a continued growth trend in cyberattacks, of which ransomware attacks are the type with the most significant impact on the digital economy, resulting in devastating socio-economic consequences for the economy and population, and above all, for critical infrastructure.
From a governance standpoint, these findings underscore the urgent need for integrated risk management strategies that extend beyond technical enhancements. Governments should incorporate cyber-disaster scenarios into national emergency planning, mandate cyber incident reporting, and incentivize investments in cyber hygiene—particularly within the public sector. The response must extend beyond infrastructure security for private-sector organisations, particularly in finance, healthcare, and energy. It should also enhance organisational resilience through staff training, redundancy protocols, robust data recovery plans, and insurance coverage that reflects contemporary digital risks. Public-private partnerships and shared platforms for threat intelligence are key to managing sectoral interdependencies.
At the international level, the extraterritorial nature of ransomware necessitates deeper collaboration on attribution, enforcement, cryptocurrency oversight, and intelligence sharing. Ultimately, future research should prioritise the development of quantitative models that capture both direct and indirect costs, as well as scenario-based simulations to assess sector-specific preparedness. Longitudinal studies tracking recovery trajectories post-attack could further enrich the understanding of institutional resilience, complementing the cross-sectional insights provided in this study.
-
Conclusion
This paper has shown that ransomware should no longer be viewed solely as a cybersecurity challenge, but as a complex and evolving disaster risk with far-reaching consequences for economic stability, institutional resilience, and public trust. Drawing on sixteen high-impact case studies, the research presents a typology of financial losses and systemic disruptions, highlighting the disproportionate impact on critical infrastructure and the compounding nature of indirect costs. By framing ransomware as a form of digital disaster, the study contributes to a more integrated approach to cyber risk within the broader context of disaster risk governance and resilience planning.
The findings point to several practical implications, calling for coordinated but context-specific action from key stakeholders: a) governments should incorporate ransomware preparedness into national risk strategies, encourage transparent incident reporting, and provide fiscal incentives for cybersecurity investments; b) private-sector entities need to implement zero-trust architectures, develop insurance solutions tailored to cyber threats, and enhance organisational resilience that extends beyond technical safeguards; c) at the international level, institutions must advance cross-border collaboration—particularly in regulating virtual assets, supporting joint law enforcement efforts, and setting global standards for cyber disaster response.
The financial impact of cybercrime has reached staggering proportions, with projections indicating an alarming upward trend. An unfortunate aspect of today’s online society affects businesses of all sizes. The global scale of financial flows associated with ransomware attacks has grown dramatically in recent years. New techniques have increased the profitability of attacks and the likelihood of success. These include targeting large, high-value entities and ransomware-as-a-service (RaaS), where ransomware criminals sell customised software kits to affiliates. The consequences of a ransomware attack can be dire, posing significant national security threats that include damage and disruption to critical infrastructure and services. A ransomware attack is a form of extortion, and FATF standards require it to be criminalised as a predicate offence for money laundering (The Financial Action Task Force, 2023). Ransomware criminals exploit the international nature of virtual assets to facilitate large, near-instantaneous cross-border transactions, sometimes without the involvement of traditional financial institutions that have programs in place to prevent money laundering and terrorist financing.
Ransomware attacks are on the rise globally, and any business or organisation can be a target of these attacks, which require additional attention and preparation in terms of business cybersecurity and the complete protection of the digital economy. As Krivokapić et al. (2023) point out, it is crucial that all relevant institutions, including financial institutions, are informed about the ransomware attack and the ransom payment. This is important because it provides sufficient evidence for possible legal proceedings or cancellation of ransom payments. Additionally, business entities should invest in insurance policies that include cybersecurity coverage, as standard commercial policies often do not provide sufficient protection against cyberattacks. These insurance policies help cover the costs arising from attacks, such as ransomware (Cobos et al., 2024). Since states cannot always effectively protect themselves from cyber attacks, it is recommended that they encourage investment in cybersecurity. This can be supported by introducing tax breaks and double deductions for costs related to cybersecurity.
The first recommendation is to continue investing in workforce education and training, enabling individuals to identify threats and respond effectively (World Economic Forum, 2025). Then, it is necessary to adopt a zero-trust approach, which minimizes the risk of attacks by treating all requests as potentially malicious. It is also crucial to enhance incident response plans to respond promptly to cyberattacks and mitigate their impact. Advanced technologies, such as artificial intelligence and automation, should be used to improve threat detection and predictive analytics, but with caution against attacks launched by artificial intelligence (Thakur, 2024). Collaboration and information sharing among members of the cybersecurity community are also key to strengthening defences. Data protection and privacy should be a top priority, alongside regulatory compliance and transparent communication. Finally, it is essential to regularly assess and update security to identify new vulnerabilities and adapt defences to emerging threats, as cybersecurity is an ongoing process that requires a proactive approach, collaboration, and the integration of modern technologies to successfully confront evolving threats.
This study has limitations. The analysis relies on publicly available data, which may exclude undisclosed or underreported incidents. Future research should focus on analysing longitudinal data, identifying sector-specific vulnerabilities, and modelling recovery trajectories following major ransomware events. In closing, confronting the ransomware threat demands more than just technological fixes. It requires a fundamental shift in how digital risk is conceptualised, governed, and financed. Without integrated, adaptive, and inclusive strategies, ransomware may become one of this century’s defining disaster threats.
Funding: This research was funded by the Scientific–Professional Society for Disaster Risk Management, Belgrade (https://upravljanje-rizicima.com/, accessed April 18, 2025) and the International Institute for Disaster Research, Belgrade, Serbia (https://idr.edu.rs/, accessed April 18, 2025).
Acknowledgements: The authors acknowledge the use of Grammarly Premium and ChatGPT 4.0 in the process of translating and improving the clarity and quality of the English language in this manuscript. The AI tools assisted in language enhancement but were not involved in developing the scientific content. The authors take full responsibility for the originality, validity, and integrity of the manuscript.
Conflicts of Interest: The authors declare no conflicts of interest.
References
- Aleksandrina, M., Budiarti, D., Yu, Z., Pasha, F., & Shaw, R. (2019). Governmental Incentivization for SMEs’ Engagement in Disaster Resilience in Southeast Asia. International Journal of Disaster Risk Management, 1(1), 32-50.
- Al-ramlawi, A., El-Mougher, M., & Al-Agha, M. (2020). The Role of Al-Shifa Medical Complex Administration in Evacuation & Sheltering Planning. International Journal of Disaster Risk Management, 2(2).
- Andersen, E. S. (2025). How to mitigate ransomware risk through data and risk quantification. Cyber Security: A Peer-Reviewed Journal. doi:10.69554/ztgt3456
- August, T., Dao, D., & Niculescu, M. F. (2019). Economics of ransomware attacks. Unpublished manuscript.
- August, T., Dao, D., & Niculescu, M. F. (2022). Economics of ransomware: Risk interdependence and large-scale attacks. Management Science, 68(12), 8979–9002. https://doi.org/10.1287/mnsc.2021.4216
- Axon, L., Erola, A., Agrafiotis, I., Uuganbayar, G., Goldsmith, M., & Creese, S. (2023). Ransomware as a Predator: Modelling the Systemic Risk to Prey. Digital Threats: Research and Practice, 4, 1-38. doi:10.1145/3579648
- Benmalek, M. (2024). Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges. Internet of Things and Cyber-Physical Systems. doi:10.1016/j.iotcps.2023.12.001
- Carla S, R. G. (2019). School-community collaboration: disaster preparedness towards building resilient communities. International Journal of Disaster Risk Management, 1(2), 45-59.
- Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The economic impact of cyber-attacks (CRS RL32331). Congressional Research Service.
- Chen, S., Hao, M., Ding, F., Jiang, D., Dong, J., Zhang, S., Guo, Q., & Gao, C. (2023). Exploring the global geography of cybercrime and its driving forces. Humanities and Social Sciences Communications, 10, 71. doi:10.1057/s41599-023-01560-x
- Chin, K. (2024). The impact of cybercrime on the economy. Retrieved from https://www.upguard.com/blog/the-impact-of-cybercrime-on-the-economy
- Cobos, E. V. (2024). Cybersecurity economics for emerging markets. Washington, DC: World Bank. doi:10.1596/978-1-4648-2120-2
- Cobos, V., Belen, E., & Selcen, C. (2024). A review of the economic costs of cyber incidents. Washington, DC: World Bank Group. Retrieved from http://documents.worldbank.org
- Connolly, L., & Wall, D. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Comput. Secur., 87. doi:10.1016/J.COSE.2019.101568
- Connolly, L., Wall, D., Lang, M., & Oddson, B. (2020). An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability. J. Cybersecur., 6. doi:10.1093/cybsec/tyaa023
- Cook, S., Giommoni, L., Trajtenberg Pareja, N., Levi, M., & Williams, M. L. (2023). Fear of economic cybercrime across Europe: A multilevel application of routine activity theory. The British Journal of Criminology, 63(2), 384–406. doi:10.1093/bjc/azac093
- Couce-Vieira, A., Insua, D. R., & Kosgodagan, A. (2020). Assessing and forecasting cybersecurity impacts. Decision Analysis, 17(4), 356–374. doi:10.1287/deca.2020.0421
- Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and Insurance – Issues and Practice, 47(3), 698–722. doi:10.1057/s41288-021-00233-9
- Cvetković, S. M., & V. (2013). Vulnerability of critical infrastructure by natural disasters. Paper presented at the National critical infrastructure protection, regional perspective., Belgrade.
- Cvetković, V. (2019). Risk Perception of Building Fires in Belgrade. International Journal of Disaster Risk Management, 1(1), 81-91.
- Cvetković, V. (2023). A Predictive Model of Community Disaster Resilience based on Social Identity Influences (MODERSI). International Journal of Disaster Risk Management, 5(2), 57-80.
- Cvetković, V. (2024a). Disaster Risk Management. In: Scientific-Professional Society for Disaster Risk Management, Belgrade.
- Cvetković, V. (2024b). Essential Tactics for Disaster Protection and Rescue. Scientific-Professional Society for Disaster Risk Management, Belgrade.
- Cvetković, V. M. (2024a). Disaster Resilience: Guide for Prevention, Response and Recovery. In: Belgrade: Scientific-Professional Society for Disaster Risk Management.
- Cvetković, V. M. (2024b). In-Depth Analysis of Disaster (Risk) Management System in Serbia: A Critical Examination of Systemic Strengths and Weaknesses.
- Cvetković, V. M., & Šišović, V. (2024). Capacity building in Serbia for disaster and climate risk education. In Disaster and Climate Risk Education: Insights from Knowledge to Action (pp. 299-323): Springer Nature Singapore Singapore.
- Cvetković, V. M., Dragašević, A., Protić, D., Janković, B., Nikolić, N., & Milošević, P. (2022). Fire safety behavior model for residential buildings: Implications for disaster risk reduction. International Journal of Disaster Risk Reduction, 76, 102981. doi:https://doi.org/10.1016/j.ijdrr.2022.102981
- Cvetković, V. M., Renner, R., & Jakovljević, V. (2024). Industrial Disasters and Hazards: From Causes to Consequences—A Holistic Approach to Resilience. International Journal of Disaster Risk Management, 6(2), 149-168.
- Cvetković, V. M., Tanasić, J., Ocal, A., Kešetović, Ž., Nikolić, N., & Dragašević, A. (2021). Capacity Development of Local Self-Governments for Disaster Risk Management. International Journal of Environmental Research and Public Health, 18(19), 10406.
- Cvetković, V., & Grbić, L. (2021). Public perception of climate change and its impact on natural disasters. Journal of the Geographical Institute Jovan Cvijic.
- Cvetković, V., & Janković, B. (2020). Private security preparedness for disasters caused by natural and anthropogenic hazards. International Journal of Disaster Risk Management, 2(1), 23-33.
- Cvetković, V., & Kezunović, A. (2021). Security Aspects of Critical Infrastructure Protection in Anthropogenic Disasters: A Case Study of Belgrade. Research Squares – Preprint, 10.21203/rs.21203.rs-927528/v927521.
- Cvetković, V., & Martinović, J. (2020). Inovative solutions for flood risk management. International Journal of Disaster Risk Management, 2(2), 71–100.
- Cvetković, V., & Renner, R. (2024). Comprehensive Databases on Natural and Man-Made (Technological) Hazards and Disasters: Mapping Risks and Challenges. In: Belgrade: Scientific-Professional Society for Disaster Risk Management.
- Cvetković, V., & Šišović, V. (2024). Understanding the Sustainable Development of Community (Social) Disaster Resilience in Serbia: Demographic and Socio-Economic Impacts. Sustainability, 16 (7), 2620. In.
- Cvetković, V., Nikolić, A., & Ivanov, A. (2023). The Role of Social Media in the Process of Informing the Public About Disaster Risks. Journal of Liberty and International Affairs, 9(2), 104-119.
- Cvetković, V., Tanasić, J., Renner, R., Rokvić, V., & Beriša, H. (2024). Comprehensive Risk Analysis of Emergency Medical Response Systems in Serbian Healthcare: Assessing Systemic Vulnerabilities in Disaster Preparedness and Response. Paper presented at the Healthcare.
- Farahbod, K., Shayo, C., & Varzandeh, J. (2020). Cybersecurity indices and cybercrime annual loss and economic impacts. Journal of Business and Behavioral Sciences, 32(1), 63–71.
- George, A. S., Baskar, T., & Srikaanth, P. B. (2024). Cyber threats to critical infrastructure: Assessing vulnerabilities across key sectors. Partners Universal International Innovation Journal, 2(1), 51–75. doi:10.5281/zenodo.10639463
- Goodell, J., & Corbet, S. (2022). Commodity market exposure to energy-firm distress: Evidence from the Colonial Pipeline ransomware attack. Finance Research Letters. doi:10.1016/j.frl.2022.103329
- Grace, J. (2023). Impact of cybersecurity measures on financial data breaches. International Journal of Modern Risk Management, 1(1). Retrieved from https://www.iprjb.org/journals/index.php/IJMRM/article/view/2097
- Gulyas, O., & Kiss, G. (2023). Impact of cyber-attacks on the financial institutions. Procedia Computer Science, 219, 84–90.
- HISCOX Group. (2024). Cyber readiness report 2024: Protecting reputation through cyber resilience. Retrieved from https://www.hiscoxgroup.com/sites/group/files/documents/2024-10/HSX245–2024-CRR.pdf
- Hromada, M., & Lukas, L. (2012). Critical Infrastructure Protection and the Evaluation Process. International Journal of Disaster Recovery and Business Continuity, 3.
- International Chamber of Commerce. (2024). Protecting the cybersecurity of critical infrastructure and their supply chains.
- International Monetary Fund. (2024). Global financial stability report: The last mile – Financial vulnerabilities and risks.
- Jimmy, F. (2024). Assessing the effects of cyber attacks on financial markets. Journal of Artificial Intelligence General Science, 6(1), 288–305. doi:10.60087/jaigs.v6i1.254
- Jurišić, D., & Marceta, Z. (2024). Collaborative Gaps: Investigating the Role of Civilian-Religious Authority Disconnection in Psychosocial Support Provision during the 2014 Floods. International Journal of Disaster Risk Management, 6(2), 1-18.
- Kala, E. S. M. (2023). Critical role of cyber security in global economy. Open Journal of Safety Science and Technology, 13(4), 231–248.
- Koliou, M., van de Lindt, J. W., Ellingwood, B., Dillard, M., Cutler, H., & McAllister, T. P. (2018). A critical appraisal of community resilience studies: Progress and challenges.
- Krivokapić, Đ., Nikolić, A., Stefanović, A., & Milosavljević, M. (2023). Financial, accounting and tax implications of ransomware attack. Studia Iuridica Lublinensia, 32(1), 191–211. Retrieved from https://ssrn.com/abstract=4562912
- Kumiko, F., & Shaw, R. (2019). Preparing International Joint Project: Use of Japanese Flood Hazard Map in Bangladesh. International Journal of Disaster Risk Management, 1(1), 62-80.
- Künzler, F. (2023). Real cyber value at risk: An approach to estimate economic impacts of cyberattacks on businesses (Master’s thesis). University of Zurich.
- Kuzior, A., Brożek, P., Kuzmenko, O., Yarovenko, H., & Vasilyeva, T. (2022). Countering cybercrime risks in financial institutions: Forecasting information trends. Journal of Risk and Financial Management, 15(12), 613.
- Kuzior, A., Tiutiunyk, I., Zielińska, A., & Kelemen, R. (2024). Cybersecurity and cybercrime: Current trends and threats. Journal of International Studies, 17(2), 220–239. doi:10.14254/2071-8330.2024/17-2/12
- Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659–671. doi:10.1016/j.bushor.2021.02.022
- Lis, P., & Mendel, J. (2019). Cyberattacks on critical infrastructure: An economic perspective. Economics and Business Review, 19(2), 24–47. doi:10.18559/ebr.2019.2.2
- Mijalković, S., & Cvetković, V. (2013). Vulnerability of critical infrastructure by natural disasters. Paper presented at the National critical infrastructure protection, regional perspective.
- Mokhele, M. O. (2024). Centres or Units: Making Sense of Decentralisation of Disaster Management in South African Municipalities. International Journal of Disaster Risk Management, 6(2), 19-38.
- Molina, R. M. A., Torabi, S., Sarieddine, K., Bou-Harb, E., Bouguila, N., & Assi, C. (2022). On Ransomware Family Attribution Using Pre-Attack Paranoia Activities. IEEE Transactions on Network and Service Management, 19, 19-36. doi:10.1109/tnsm.2021.3112056
- Molnár, A. (2024). A Systematic Collaboration of Volunteer and Professional Fire Units in Hungary. International Journal of Disaster Risk Management, 6(1), 1-13.
- Mott, G., Turner, S., Nurse, J., Pattnaik, N., MacColl, J., Huesch, P., & Sullivan, J. (2024). ‘There was a bit of PTSD every time I walked through the office door’: Ransomware harms and the factors that influence the victim organization’s experience. J. Cybersecur., 10. doi:10.1093/cybsec/tyae013
- Moussaileb, R., Cuppens-Boulahia, N., Lanet, J.-L., & Bouder, H. L. (2021). A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms. ACM Computing Surveys (CSUR), 54, 1-36. doi:10.1145/3453153
- Muniandy, M., Ismail, N., Al-Nahari, A., & Yao, D. N. (2024). Evolution and impact of ransomware: Patterns, prevention, and recommendations for organizational resilience. International Journal of Academic Research in Business and Social Sciences, 14. doi:10.6007/IJARBSS/v14-i1/19803
- Nagar, G. (2024). The Evolution of Ransomware: Tactics, Techniques, and Mitigation Strategies. International Journal of Scientific Research and Management (IJSRM). doi:10.18535/ijsrm/v12i06.ec09
- Pattnaik, N., Nurse, J., Turner, S., Mott, G., MacColl, J., Huesch, P., & Sullivan, J. (2023). It’s more than just money: The real-world harms from ransomware attacks. ArXiv, abs/2307.02855. doi:10.48550/arXiv.2307.02855
- Perić, J., & Vladimir, C. M. (2019). Demographic, socio-economic and phycological perspective of risk perception from disasters caused by floods: case study Belgrade. International Journal of Disaster Risk Management, 1(2), 31-43.
- Putnik, N. (2022). Sajber rat i sajber mir. Beograd: Akademska misao.
- Putnik, N., Milošević, M., & Cvetković, V. (2022). Rensomver kao pretnja bezbednosti – društveni i krivičnopravni aspekti. Sociološki pregled, 56(1), 328–353.
- Rahman, A. M., & Islam, S. (2022). Financial and social costs perspective impacts of cybercrime in the UAE: Policy-guidance addressing the problem in piecemeal approach. International Journal of Economics, Business and Management Studies, 9(2), 89–103. doi:10.55284/ijebms.v9i2.718
- Rebouh, N., Tout, F., Dinar, H., Benzid, Y., & Zouak, Z. (2024). Integrating Multi-Source Geospatial Data and AHP for Flood Susceptibility Mapping in Ain Smara, Constantine, Algeria. International Journal of Disaster Risk Management, 6(2), 245-264.
- Reshmi, T. (2021). Information security breaches due to ransomware attacks – a systematic literature review. Int. J. Inf. Manag. Data Insights, 1, 100013. doi:10.1016/J.JJIMEI.2021.100013
- Robles-Carrillo, M., & García-Teodoro, P. (2022). Ransomware: An Interdisciplinary Technical and Legal Approach. Security and Communication Networks. doi:10.1155/2022/2806605
- Schwarz, M., Marx, M., & Federrath, H. (2021). A structured analysis of information security incidents in the maritime sector. arXiv preprint arXiv:2112.06545.
- Seng, Y. J., Cen, T. Y., bin Mohd Raslan, M. A. H., Subramaniam, M. R., Xin, L. Y., Kin, S. J., Long, M. S., & Sindiramutty, S. R. (2024). In-depth analysis and countermeasures for ransomware attacks: Case studies and recommendations. Preprints. doi:10.20944/preprints202408.2261.v1
- Singh, H., & Sittig, D. (2016). A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks. Applied Clinical Informatics, 7, 624-632. doi:10.4338/ACI-2016-04-SOA-0064
- Sudheer, S. (2024). Ransomware Attacks and Their Evolving Strategies: A Systematic Review of Recent Incidents. Journal of Technology and Systems. doi:10.47941/jts.2399
- Sviatun, O. V., Goncharuk, O. V., Roman, C., Kuzmenko, O., & Kozych, I. V. (2021). Combating cybercrime: Economic and legal aspects. WSEAS Transactions on Business and Economics, 18, 751–762.
- Tariq, N. (2018). Impact of cyberattacks on financial institutions. Journal of Internet Banking and Commerce, 23(2), 1–11.
- Tarter, A. (2017). Importance of cyber security. In Community policing – A European perspective: Strategies, best practices and guidelines (pp. 213–230).
- Thakur, M. (2024). Cyber security threats and countermeasures in digital age. Journal of Applied Science and Education, 4(1), 1–20.
- ThankGod, J. (2024). Cyber heists and trade turmoil: Uncovering the economic impact of cybersecurity breaches on global commerce. doi:10.2139/ssrn.4858710
- The Financial Action Task Force. (2023). Countering ransomware financing. FATF. Retrieved from http://www.fatf-gafi.org
- Umer, S. S. (2024). Analysing in Post COVID-19 era: The Effect of Occupational Stress and Work-Life Balance on Employees Performance. International Journal of Disaster Risk Management, 6(1), 75-90.
- Valackienė, A., & Odejayi, R. O. (2024). The impact of cyber security management on the digital economy: Multiple case study analysis. Intellectual Economics, 18(2), 261–283. doi:10.13165/IE-24-18-2-02
- Vibhas, S., Bismark, A. G., Ruiyi, Z., Anwaar, M. A., & Rajib, S. (2019). Understanding the barriers restraining effective operation of flood early warning systems. 1(2), In press.
- Vidović, N., Cvetković, V. M., & Beriša, H. (2024). Optimising Disaster Resilience Through Advanced Risk Management and Financial Analysis of Critical Infrastructure in the Serbian Defence Industry. International Journal of Disaster Risk Management, 6(2), 183-200.
- Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: A case study of the Equifax data breach. Issues in Information Systems, 19(3), 66–72.
- Wang, P., D’Cruze, H., & Wood, D. (2019). Economic costs and impacts of business data breaches. Issues in Information Systems, 20(2), 94–100.
- Wedawatta, G. (2012). Resilience and adaptation of small and medium-sized enterprises to flood risk. Disaster Prevention and Management: An International Journal, 21(4), 474-488. doi:10.1108/09653561211256170
- Wilner, A., Jeffery, A., Lalor, J., Matthews, K., Robinson, K., Rosolska, A., & Yorgoro, C. (2019). On the social science of ransomware: Technology, security, and society. Comparative Strategy, 38, 347-370. doi:10.1080/01495933.2019.1633187
- Wollerton, M. (2023). Ransomware Attacks. doi:10.4135/cqresrre20230818
- World Economic Forum. (2024). Global cybersecurity outlook 2024: Insight report. Retrieved from https://www3.weforum.org
- World Economic Forum. (2025). Global cybersecurity outlook 2025: Insight report. Retrieved from https://reports.weforum.org
- Yuste, J., & Pastrana, S. (2021). Avaddon ransomware: an in-depth analysis and decryption of infected systems. ArXiv, abs/2102.04796. doi:10.1016/j.cose.2021.102388
- Zimba, A., & Chishimba, M. (2019). On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems. European Journal for Security Research, 4, 3-31. doi:10.1007/s41125-019


