Latest Headlines
Report: Recovery Costs for Energy, Water Infrastructure Sectors Reach $3m Yearly
Emma Okonji
Sophos,a global leader of innovative security solutions for defeating cyberattacks, has released a sector survey report, titled: ‘The State of Ransomware in Critical Infrastructure 2024’, which revealed that the median recovery costs for two critical infrastructure sectors, Energy and Water, quadrupled to $3 million over the past year.
The figure is four times higher than the global cross-sector median. In addition, 49 per cent of ransomware attacks against these two critical infrastructure sectors started with an exploited vulnerability.
Data for the State of Ransomware in Critical Infrastructure 2024 report comes from 275 respondents at energy, oil and gas, and utilities organisations, which fall under the Energy and Water sectors of CISA’s 16 defined critical infrastructure sectors.
The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.
Analysing the report, Global Field CTO at Sophos, Chester Wisniewski, said: “Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly. This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption.”
Wisniewski further said: “Unfortunately, public utilities are not only attractive targets but vulnerable to attacks on many fronts, including the requirement for high availability and safety, as well as an engineering mindset focused on physical security. There’s a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication. Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities and the monitoring required for early detection and response.”
On top of growing recovery costs, the median ransom payment for organisations in these two sectors jumped to more than $2.5 million in 2024, which is $500,0000 higher than the global cross-sector median.
The Energy and Water sectors also reported the second highest rate of ransomware attacks. Overall, 67 per cent of the organisations in these sectors reported being hit by ransomware in 2024, in comparison to the global, cross-sector average of 59 per cent, according to the report findings.