Ransomware attacks aimed at industrial organizations are increasingly impacting operational technology (OT) systems, according to a survey commissioned by OT and IoT security firm Claroty.
Claroty on Wednesday published its 2023 ‘Global state of industrial cybersecurity’ report, which is based on responses from a survey of 1,100 IT and OT security professionals representing organizations in the Americas, EMEA and APAC regions.
Three-quarters of respondents confirmed suffering a ransomware attack in the past year. In 21% of cases, the attack impacted only IT systems. In 17% of cases, the incident affected OT systems, and 37% of attacks hit both IT and OT systems.
This 37% is significant, including for the fact that it’s a 10% increase compared to 2021, when Claroty commissioned a similar survey.
Globally, 12% of respondents described the impact of the attack as extreme, which means it resulted in signficant or full operations shutdown for more than one week, and 10% said impact was severe, meaning it impacted more than one site or function for over a week.
Of the IT/OT professionals who took part in the survey, two-thirds admitted making a ransom payment in response to the attack, including 6% who admitted paying more than $5 million, and 12% paying $1-5 million.
In 23% of cases, the financial cost incurred as a result of the ransomware attack exceeded $1 million and more than 50% reported costs between $100,000 and $999,000.
A majority of organizations are aware of the potential threat posed by ransomware and have a cyber insurance policy.
Respondents have also been asked about their use of generative AI for cybersecurity and their concerns regarding its use.
More than 60% of organizations use security tools that leverage generative AI and 27% are interested in doing so. However, in 44% of cases, the use of AI capabilities actually raises the respondent’s security concerns.
Related: Ransomware Often Hits Industrial Systems, With Significant Impact: Survey
Related: Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report
Related: Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA