OT attacks causing more than $1m in losses for 20% of companies: report

Claroty has released new research illuminating the significant business impacts of cyber attacks affecting cyber-physical systems (CPS) environments. The report, The Global State of CPS Security 2024: Business Impact of Disruptions is based on a global independent survey of 1100 infosecurity, OT engineering, clinical/biomedical engineering, and facilities management and plant operations professionals about the business impacts of cyber attacks on their organisations in the past 12 months.

The findings revealed a significant financial impact, with 1 out of 5 (22%) organisations in the ANZ region reporting a financial impact of US$1 million or more from cyber attacks affecting CPS. Several factors contributed to these losses, the most common being loss of customer or partner relationships (19%), lost revenue (15%) and regulatory fines (12%).

Ransomware continues to play a big role in recovery costs, as three-quarters of ANZ respondents met ransom demands of more than US$500,000 to recover access to encrypted systems and files in order to resume operations.

Closely tied to the financial losses are the operational impacts, with more than a quarter of ANZ respondents (25%) reporting a full day or more of operational downtime that impacted their ability to produce goods or services, while over a third (40%) said the recovery process took a week or more, and 18% said recovery took over a month. This is particularly notable given that CPS environments such as manufacturing plants place a premium on availability and uptime of critical systems — even at the expense of timely security and feature updates.

When considering the root cause of these cyber attacks, organisations in ANZ felt they were lacking certain security capabilities that could have decreased the negative impacts they experienced; they cited a lack of exposure management (16%) and not having an OT-specific SOC to respond to attacks (14%).

In the past 12 months, nearly all (93%) ANZ organisations surveyed had one or more cyber attacks originate from third-party supplier access to their CPS environment, while nearly half (47%) reported five or more attacks occurred this way. And yet, a majority (58%) admit to having only partial or no understanding of third-party connectivity to their CPS environment.

While the findings show the last 12 months were both disruptive and costly for most CPS-enabled organisations, ANZ respondents also conveyed growing confidence and improvements in their organisation’s risk reduction efforts. A majority (73%) have greater confidence in the ability of their organisation’s CPS to withstand cyber attacks today versus 12 months ago, and 100% expect to see quantifiable improvements in their CPS security in the next 12 months, while 36% are already seeing quantifiable improvements.

“Australian organisations across a range of different verticals are reporting similar risks to their CPS networks, particularly regarding the remote locations of some of these networks, which can make them difficult to access,” said Leon Poggioli, ANZ Regional Director at Claroty. “This growing risk to CPS has been reflected in legislation changes including the SOCI Act and industry-specific standards such as AESCSF, which ensures organisations have an accurate inventory of all CPS assets and an understanding of the key risks these assets face.

“The survey results also reveal how critical it is for Australian organisations to implement secure access principles, not just for third-party contractors but also for their own internal users. This provides an additional layer of auditability and monitoring on critical assets, which can have important safety and production implications in the case of a cyber attack. The bottom line is — if your organisation operates a CPS network, that network is most likely going to be your core business, making it all the more imperative to prioritise the cybersecurity of that infrastructure.”

Image credit: iStock.com/metamorworks