80% Critical Infrastructure Orgs Hit with Ransomware Attacks in 2021

Claroty, a security company for cyber-physical systems across industrial, health care, and enterprise environments, released a new report, revealing that 80 percent of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting their security budgets have risen since 2020.

Titled “The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption,” the report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.

Of the 80 percent of respondents who experienced a ransomware attack, 47 percent reported an impact to their industrial control system environment, and more than 60 percent paid the ransom, more than half of which cost $500,000 or more.

Additionally, most respondents estimated a loss in revenue per hour of downtime to their operations equal to or greater than the payout. Even among those who did pay the ransom, 28 percent still experienced substantial impact to operations for more than a week. These findings suggest that, despite the well-known downsides of paying the ransom, the alternative (revenue loss due to prolonged operational downtime) is too costly for most victim organizations to justify.

The report also found the combination of the ever-accelerating digital transformation and limited availability of skilled cybersecurity workers has resulted in several high-profile attacks on critical infrastructure.

In response, many C-suite executives have become involved in the decision-making and oversight of their organization’s cybersecurity practices. In fact, more than 60 percent are centralizing OT and IT governance under the CISO. In addition, 62 percent are supportive of government regulators enforcing mandatory and timely reporting of cybersecurity incidents that affect IT and OT/ICS systems.

Additional findings include:

Digital transformation, remote work, and staffing shortages persist – Digital transformation continues to accelerate since the start of the pandemic, as 73 percent of organizations plan to continue remote/hybrid work in some capacity. Nearly 90 percent of respondents are looking to hire more OT security staff, but 54 percent say it is hard to find qualified candidates.

Gaps in processes and technology remain – While more than 65 percent rate their organization’s vulnerability management strategy as moderately to highly proactive, ransomware attacks are still successful. This could be because nearly 30 percent share passwords, 57 percent employ usernames and passwords, and only 44 percent use VPNs – all areas of opportunity to strengthen resilience in OT environments.

Investments and priorities aimed at building resilience – More than 80 percent of respondents report their IT and OT/ICS security budgets have increased since 2020. The number is close to 90 percent in industries including IT hardware, oil & gas, and electric energy.

To access the full set of findings and analysis, download “The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption” report here.