Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Ransomware attacks in many cases hit industrial control systems (ICS) or operational technology (OT) environments, and impact is often significant, according to a report published on Thursday by IoT and industrial cybersecurity company Claroty.

Claroty’s “Global State of Industrial Cybersecurity” report is based on a Pollfish survey of 1,100 IT and OT security professionals in the United States, Europe and the APAC region. More than half of respondents work for enterprises that have an annual revenue exceeding $1 billion. The survey was conducted in September 2021.

Roughly 80% of respondents admitted that their organization had experienced a ransomware attack within the past year, and nearly half said the incident had impacted their ICS/OT environment.

Only 15% of respondents said there was no impact or minimal impact on operations, and nearly 50% said there was significant impact. Seven percent said the incident resulted in a full operations shutdown that lasted for more than a week.

The cyberattack was disclosed to both authorities and shareholders in most cases, but some companies apparently did not inform anyone.

[ READ: Many Ransomware Attacks on OT Organizations Involved Ryuk ]

The survey shows that ransomware payments are prevalent, with more than 60% confirming that they had paid a ransom. Twenty percent of respondents said the amount of money paid to the hackers exceeded $1 million — this includes nearly 7% that paid out more than $5 million.

There has been a lot of debate over the past years on ransomware payments. The U.S. government has taken action against payment facilitators and issued a warning regarding potential legal implications. A recently introduced bill would require organizations to report ransomware payments.

Of the individuals who took part in the Claroty survey, 28% believe ransomware payments should be legal and there should be no requirement to inform authorities. More than 41%, on the other hand, believe these types of payments should be legal only as long as regulators or authorities are informed. Approximately 20% believe ransomware payments should be illegal.

Nearly two-thirds of respondents said reporting incidents involving IT or OT systems to government regulators should be mandatory.

When asked about the hourly cost of downtime on their company’s revenue, 8% said it was more than $5 million and 14% said it was $1 to $5 million.

As for the workforce, a vast majority of respondents believe IT security professionals in their organization are capable of managing the cybersecurity of OT/ICS environments. However, 40% said they are urgently looking to hire more industrial cybersecurity experts.

More than 80% of respondents said their ICS/OT security budget had increased moderately or significantly since the start of the pandemic. Moreover, many admitted that ransomware attacks such as the ones that hit Colonial Pipeline led to cybersecurity becoming a bigger priority and increased investment.

Claroty’s report also covers the impact of the COVID-19 pandemic on digital transformation and remote work, cybersecurity responsibilities and decision-making, investments and priorities, and best practices.

Related: OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks

Related: 5 Ways to Reduce the Risk of Ransomware to Your OT Network