Security Experts:

Connect with us

Hi, what are you looking for?



Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Ransomware attacks in many cases hit industrial control systems (ICS) or operational technology (OT) environments, and impact is often significant, according to a report published on Thursday by IoT and industrial cybersecurity company Claroty.

Ransomware attacks in many cases hit industrial control systems (ICS) or operational technology (OT) environments, and impact is often significant, according to a report published on Thursday by IoT and industrial cybersecurity company Claroty.

Claroty’s “Global State of Industrial Cybersecurity” report is based on a Pollfish survey of 1,100 IT and OT security professionals in the United States, Europe and the APAC region. More than half of respondents work for enterprises that have an annual revenue exceeding $1 billion. The survey was conducted in September 2021.

Roughly 80% of respondents admitted that their organization had experienced a ransomware attack within the past year, and nearly half said the incident had impacted their ICS/OT environment.

Only 15% of respondents said there was no impact or minimal impact on operations, and nearly 50% said there was significant impact. Seven percent said the incident resulted in a full operations shutdown that lasted for more than a week.

The cyberattack was disclosed to both authorities and shareholders in most cases, but some companies apparently did not inform anyone.

[ READ: Many Ransomware Attacks on OT Organizations Involved Ryuk ]

The survey shows that ransomware payments are prevalent, with more than 60% confirming that they had paid a ransom. Twenty percent of respondents said the amount of money paid to the hackers exceeded $1 million — this includes nearly 7% that paid out more than $5 million.

There has been a lot of debate over the past years on ransomware payments. The U.S. government has taken action against payment facilitators and issued a warning regarding potential legal implications. A recently introduced bill would require organizations to report ransomware payments.

Of the individuals who took part in the Claroty survey, 28% believe ransomware payments should be legal and there should be no requirement to inform authorities. More than 41%, on the other hand, believe these types of payments should be legal only as long as regulators or authorities are informed. Approximately 20% believe ransomware payments should be illegal.

Nearly two-thirds of respondents said reporting incidents involving IT or OT systems to government regulators should be mandatory.

When asked about the hourly cost of downtime on their company’s revenue, 8% said it was more than $5 million and 14% said it was $1 to $5 million.

As for the workforce, a vast majority of respondents believe IT security professionals in their organization are capable of managing the cybersecurity of OT/ICS environments. However, 40% said they are urgently looking to hire more industrial cybersecurity experts.

More than 80% of respondents said their ICS/OT security budget had increased moderately or significantly since the start of the pandemic. Moreover, many admitted that ransomware attacks such as the ones that hit Colonial Pipeline led to cybersecurity becoming a bigger priority and increased investment.

Claroty’s report also covers the impact of the COVID-19 pandemic on digital transformation and remote work, cybersecurity responsibilities and decision-making, investments and priorities, and best practices.

Related: OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks

Related: 5 Ways to Reduce the Risk of Ransomware to Your OT Network

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.