75% of the industrial sector attacked with ransomware in the past year: study

Claroty has released research showing that 75% of respondents reported being targeted by ransomware in the past year. The report, The Global State of Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Maturing Defenses, is based on a global independent survey of 1100 information technology (IT) and operational technology (OT) security professionals who work in critical infrastructure sectors, exploring industry challenges faced in the past year, their impact on OT security programs and priorities into the near future.

The study shows that when it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments. In Claroty’s previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted both IT and OT. Today, 21% impact IT only, while 37% impact both IT and OT — a significant 10% jump for the latter in just two years. This trend speaks to the expanding attack surface area and risk of operational disruption that comes with IT/OT convergence.

On top of the growing operational impact of ransomware, the high financial impact persists. Of the 75% of respondents whose organisations were targeted by ransomware attacks in the past year, 69% paid the ransom, and more than half (54%) of those who paid the ransom suffered financial ramifications of US$100,000 or more. As a likely result, demand for cyber insurance is high among respondents. A large majority (80%) of organisations have cyber insurance policies and about half (49%) have opted for policies with coverage of half a million dollars or more.

The pressure of combating increased threats as well as financial loss comes as new technologies are being integrated into OT environments. For example, 61% of respondents are currently utilising security tools that leverage generative AI and an alarming 47% say that it raises their security concerns.

In light of these challenges brought on by combating ransomware and integrating new technology, governments have recognised the need for industry regulations and standards, which are now driving OT security priorities and investments. 45% of respondents say that TSA Security Directives have had the most significant impact on their organisation’s security priorities and investments, followed by CDM DEFEND (39%) and ISA/IEC-62443 (37%).

“Our study shows that there is clearly no shortage of challenges facing OT security professionals, but we also found tremendous room for opportunity and appetite to mature security posture across industrial environments,” said Yaniv Vardi, CEO at Claroty. “Organisations are already working to bolster their risk assessment, vulnerability management and network segmentation practices, in order to be highly proactive in their defence of cyber-physical systems.”

To access the full set of findings and analysis, download the report here.

Image credit: iStock.com/simoncarter