Companies in the critical infrastructure sectors of energy and water have a significantly higher attack rate of 67 percent than the global average (59 percent). This is according to the Sophos report “The State of Ransomware in Critical Infrastructure 2024”.
Sophos has released the results of its industry study “The State of Ransomware in Critical Infrastructure 2024”, which takes a closer look at the water, energy, oil and gas sectors. The results, from the survey of 5,000 cybersecurity/IT executives worldwide, including 275 from the KRITIS sector, show that the average recovery costs for the energy and water infrastructure sectors quadrupled last year to €2.8 million. These costs are about four times higher than the global and cross-industry average.
Chester Wisniewski, Global Field CTO at Sophos, commented: “Cybercriminals focus on industry sectors that cause the most pain and disruption. Utilities are particularly vulnerable to ransomware attacks due to high availability requirements and a traditionally physically oriented engineering mindset. The combination of legacy technologies without modern security measures and a lack of IT security staff makes them prime targets for attackers.”
Further findings from the study include:
- Almost half of the attacks occurred through exploited vulnerabilities, which explains the rising recovery costs and ransom payments for the energy and water sectors to more than 2.3 million euros in 2024.
- These sectors recorded the second highest rate of ransomware attacks at 67 percent compared to the global average of 59 percent.
- 49 percent of ransomware attacks on these critical infrastructure sectors began with exploited vulnerabilities.
- Energy and water utilities also report longer recovery times: In 2024, only 20 percent of affected companies were able to recover within a week or less, compared to 41 percent in 2023 and 50 percent in 2022. Fifty-five percent needed more than a month to recover, compared to 36 percent in 2023. In contrast, across all sectors, only 35 percent of companies needed more than a month to recover.
Source: www.com-magazin.de
