
More than half of survey participants confess to paying ransom exceeding $500,000
A recent report by Claroty analyzed the security of cyber-physical systems (CPS) and highlighted a significant financial impact. The findings showed that 27% of organizations reported financial losses of $1 million or more due to cyberattacks affecting CPS. The main contributors to these losses were lost revenue (39% of respondents), recovery costs (35%), and employee overtime (33%).
Ransomware continues to be a major factor in recovery costs, with 53% of respondents disclosing that they paid ransom demands exceeding $500,000 USD to regain access to encrypted systems and files. The healthcare industry is particularly vulnerable to ransomware attacks, with 78% reporting payments over $500,000.
The financial losses incurred also translated into operational impacts, with 33% experiencing a full day or more of operational downtime affecting production. Nearly half (49%) reported a recovery period of a week or longer, and 29% stated that recovery took over a month. These extended recovery times are of concern in CPS environments like manufacturing plants that prioritize system availability and uptime over security updates.
The report also highlighted the persistence of third-party and remote access vulnerabilities as root causes of cyberattacks. Eighty-two percent of respondents reported at least one cyberattack originating from third-party supplier access, with 45% experiencing five or more such attacks in the past year. Alarmingly, 63% admitted to having limited or no understanding of third-party connectivity to the CPS environment.