The Median Recovery Costs for 2 Critical Infrastructure Sectors, Energy and Water, Quadruple to $3 Million in 1 Year, Sophos Survey Finds
July 17 2024 - 9:00AM
Sophos, a global leader of innovative security solutions for
defeating cyberattacks, today released a sector survey report, “The
State of Ransomware in Critical Infrastructure 2024,” which
revealed that the median recovery costs for two critical
infrastructure sectors, Energy and Water, quadrupled to $3 million
over the past year. This is four times higher than the global
cross-sector median. In addition, 49% of ransomware attacks against
these two critical infrastructure sectors started with an exploited
vulnerability.
Data for the State of Ransomware in Critical Infrastructure 2024
report comes from 275 respondents at energy, oil and gas, and
utilities organizations, which fall under the Energy and Water
sectors of CISA’s 16 defined critical infrastructure sectors. The
results for this sector survey report are part of a broader,
vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted
between January and February 2024 across 14 countries and 15
industry sectors.
“Criminals focus where they can cause the most pain and
disruption so the public will demand quick resolutions and, they
hope, ransom payments to restore services more quickly. This makes
utilities prime targets for ransomware attacks. Because of the
essential functions they provide, modern society demands they
recover quickly and with minimal disruption,” said Chester
Wisniewski, global Field CTO.
“Unfortunately, public utilities are not only attractive targets
but vulnerable to attacks on many fronts, including the requirement
for high availability and safety, as well as an engineering mindset
focused on physical security. There’s a preponderance of older
technologies configured to enable remote management without modern
security controls like encryption and multifactor authentication.
Like hospitals and schools, these utilities are frequently operating
with minimal staffing and without the IT staffing required to stay
on top of patching, the latest security vulnerabilities and the
monitoring required for early detection and response.”
On top of growing recovery costs, the median ransom payment for
organizations in these two sectors jumped to more than $2.5 million
in 2024—$500,000 higher than the global cross-sector median. The
Energy and Water sectors also reported the second highest rate of
ransomware attacks. Overall, 67% of the organizations in these
sectors reported being hit by ransomware in 2024, in comparison to
the global, cross-sector average of 59%.
Other findings from the report include:
- The energy and water sectors reported increasingly longer
recovery times. Only 20% of organizations hit by ransomware were
able to recover within a week or less in 2024, compared to 41% in
2023 and 50% in 2022. Fifty-five percent took more than a month to
recover, up from 36% in 2023. In comparison, across all sectors,
only 35% of companies took more than a month to recover
- These two critical infrastructure sectors reported the highest
rate of backup compromise (79%) and the third highest rate of
successful encryption (80%) when compared to the other industries
surveyed
“This once again shows that paying ransom payments almost always
works against our best interests. An increasing number (61%) paid
the ransom as part of their recovery, yet the amount of time it took
to recover was extended. Not only do these high rates and amounts
of ransoms encourage more attacks on the sector, but they are not
achieving the claimed goal of shorter recovery times,” said
Wisniewski.
“These utilities must recognize they are being targeted and take
proactive action to monitor their exposure of remote access and
network devices for vulnerabilities and ensure they have 24/7
monitoring and response capabilities to minimize outages and
shorten recovery times. Incident response plans should be planned
in advance, the same as for fires, floods, hurricanes and
earthquakes, and be rehearsed on a regular schedule.”
Read the full State of Ransomware in Critical Infrastructure on
Sophos.com.
Learn More About Ransomware
- The State of Ransomware 2024
- The effect of cyber insurance on the ransomware landscape
- The role of law enforcement in ransomware attacks
- The role of unpatched vulnerabilities in ransomware
attacks
- How often companies’ backups are compromised during ransomware
attacks
- The rise of remote encryption among ransomware groups
- Ransomware attackers targeting managed service providers (MSPs)
in the 2024 Sophos Threat Report: Cybercrime on Main Street
- The latest techniques, tactics and procedures (TTPs) of cyber
attackers in the Active Adversary Report for 1H 2024
- The evolving ransomware business model in ‘Junk Gun’ Ransomware:
Peashooters Can Still Pack a Punch
- Sophos X-Ops and its groundbreaking threat research by
subscribing to the Sophos X-Ops blogs
About Sophos
Sophos is a global leader and
innovator of advanced security solutions for defeating
cyberattacks, including Managed Detection and Response (MDR) and
incident response services and a broad portfolio of endpoint,
network, email, and cloud security technologies. As one of the
largest pure-play cybersecurity providers, Sophos defends more than
600,000 organizations and more than 100 million users worldwide
from active adversaries, ransomware, phishing, malware, and more.
Sophos’ services and products connect through the Sophos
Central management console and are powered by Sophos X-Ops,
the company’s cross-domain threat intelligence unit. Sophos X-Ops
intelligence optimizes the entire Sophos Adaptive Cybersecurity
Ecosystem, which includes a centralized data lake that leverages a
rich set of open APIs available to customers, partners, developers,
and other cybersecurity and information technology vendors. Sophos
provides cybersecurity-as-a-service to organizations needing fully
managed security solutions. Customers can also manage their
cybersecurity directly with Sophos’ security operations platform or
use a hybrid approach by supplementing their in-house teams with
Sophos’ services, including threat hunting and remediation. Sophos
sells through reseller partners and managed service providers
(MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More
information is available at www.sophos.com.
Contact: Samantha Powers, sophos@walkersands.com