Global survey reveals widespread impact of ransomware in APAC
Claroty has released research into the ‘Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption’, which revealed the impact of ransomware on organisations during 2021, with 80% of organisations in APAC affected by ransomware attacks and just over half (51%) paying the ransom. An independent survey of 1100 full-time IT and OT security professionals was carried out in the United States, Europe and Asia–Pacific, to determine how organisations dealt with ransomware challenges in 2021 and their levels of resiliency and priorities moving forward.
The survey found that 90% of APAC respondents (and 90% globally) had accelerated digital transformation since the start of the pandemic, with 48% (52% globally) reporting the acceleration as significant.
“Our research shows that critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there’s also a growing collective interest and desire in protecting our most essential systems,” said Claroty CEO Yaniv Vardi. “Security leaders looking to take their programs to the next level must account for all cyber-physical systems in their risk governance practices, segmenting their IT and OT networks and assets, extending their general IT cybersecurity practices to their OT devices, and consistently monitoring for threats across all networks.”
71% of organisations in APAC paid ransom fees of US$100K–1 million, and 13% paid US$1–5 million. Moreover, 52% of APAC organisations reported a downtime event would cost them up to US$0.5m per hour in lost revenue, with 36% reporting costs would be even higher per hour at US$0.5–5m. Globally, 9% of organisations said costs would exceed US$5m per hour. Only 5% of APAC companies would face such high costs.
The survey also explored the legal requirement to report ransomware payments with only 45% in APAC supporting a legal requirement to report ransomware payments, so long as this came with a requirement to also report payments to regulators or other authorities. In contrast, 23% in APAC supported ransomware payments being legally required, but with no obligation to report payment.
However, the report notes: “As long as the financial model continues to favour paying the ransom, these threats will continue. The only way to mitigate the risk is to understand how to make hyperconnectivity more secure. Gaps in processes and technology, some that have existed for years, must be addressed.”
The survey revealed an almost universally increased investment in cybersecurity, and a strengthening of cybersecurity measures over the past two years driven by the pandemic and by high-profile, and highly damaging, ransomware attacks in 2021: on Colonial Pipeline and global meat processor JBS, as well as the SolarWinds supply chain attack.
A ransomware attack was also a wake-up call for many victims. More than half of the respondents (52%) in APAC said cybersecurity had become a higher priority after an attack, and 55% said their security budget had increased, with 40% confirming implementation of new and/or updated cybersecurity controls and processes as a result.
These findings show that organisations have internalised the lessons learned from high-profile cyber attacks and are prioritising cybersecurity by increasing investments and implementing new or updated processes and controls. More than half of the respondents (90%) say their organisation’s C-suite and board are very involved in cybersecurity decision-making and oversight, which bodes well for ongoing investment and prioritisation.
For an in-depth analysis into the findings, along with full survey data, ‘The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption’ report is available here.
Rockwell Automation and Microsoft expand cloud and AI partnership
Rockwell and Microsoft have announced an expanded strategic collaboration that includes new cloud...
TNA's industrial XR brings Industry 5.0 to food manufacturers
Food processing and packaging technology company TNA Solutions has launched an immersive,...
Siemens updates TIA Portal
TIA Portal Version 20 focuses on performance and efficiency enhancements for users.