Published on November 9, 2023, 5:09 am
Manufacturing and production companies faced significant ransomware payments in 2021, with an average payment of US$2.036 million. This amount was more than double the cross-sector average of US$812,360 during the same period. These findings were highlighted in the “The State of Ransomware in Manufacturing and Production” survey report released by Sophos.
Among various industries, manufacturing and production paid the highest ransom amounts. The sector displayed a wide range of ransom payments, with 11% paying less than US$1K and 37% paying over US$100K. Additionally, 8% of respondents paid above US$1M or more for ransomware attacks.
John Shier, Senior Security Advisor at Sophos, explained that manufacturing is an attractive target for cybercriminals due to its privileged position in the supply chain. Outdated infrastructure and a lack of visibility into operational technology (OT) environments provide hackers with easy access to breached networks. The convergence between IT and OT further expands the attack surface and compounds an already complex threat environment.
Shier emphasized that while having reliable backups is crucial for recovery, dealing with today’s ransomware threats requires a detailed response plan that includes human-led threat hunting capabilities. He recommended comprehensive protection measures such as managed detection and response (MDR) teams trained to identify and neutralize active attackers.
The survey conducted by Sophos involved 5,600 IT professionals from mid-sized organizations across 31 countries. Out of this sample size, 419 respondents were from manufacturing and production sectors. Data collection took place from January to February 2022, requiring respondents to base their answers on experiences from the previous year. The research agency Vanson Bourne conducted this independent survey.
The report highlighted several key points about the manufacturing and production sector’s experience with ransomware attacks. In 2021, 55% of organizations reported being hit by ransomware—a significant increase from the previous year’s 36%. This surge in successful ransomware attacks reflects the rising challenges faced by organizations across all sectors, including increased cyberattack volume, complexity, and impact.
Manufacturing and production companies were particularly affected by this evolving threat landscape. Sixty-one percent of respondents reported an increase in attack volume, while 66% experienced an increase in attack complexity. The report suggested that adversaries might have upped their game due to the sector’s ability to prevent data encryption or a heightened focus on manufacturing and production by cybercriminals.
Backup usage was found to be significantly lower in manufacturing and production compared to other sectors. Only 58% of respondents reported using backups for data restoration, while the cross-sector average stood at 73%. Moreover, there was a decrease in backup utilization compared to the previous year. Nearly half of the respondents (48%) used alternative methods for data restoration.
Interestingly, many manufacturing and production organizations employed multiple restoration methods simultaneously to expedite incident recovery—around 36% of victims reported using multiple approaches when restoring their data.
The survey also revealed that the manufacturing and production sector demonstrated swift recovery from ransomware attacks. Approximately 67% of victims managed to resume operations within a week, surpassing the global cross-sector average of 53%. Additionally, only 10% stated it took them between one and six months to recover, compared to the global average of 20%.
Although there has been a decrease in the average cost of recovering from ransomware attacks for manufacturing and production companies—from US$1.52M in 2020 to US$1.23M in 2021—Sophos emphasized that this is still a substantial sum with potential material impact on small and medium-sized businesses (SMBs).
The report shed light on factors contributing to below-average recovery costs for this sector. Manufacturing and production faced lower-than-average impacts on operations and revenue due to ransomware incidents. The sector’s ability to prevent attacks before data encryption also kept remediation costs in check. Additionally, the sector reported the highest insurance payout rate for certain attack-associated costs, which further restrained recovery expenses.
To mitigate ransomware risks, many manufacturing and production organizations adopted cyber insurance coverage. However, only 75% of respondents had coverage against ransomware attacks, slightly below the cross-sector average of 83%. As the cyber insurance market becomes more challenging to navigate, 97% of manufacturing and production organizations with coverage amended their cyber defenses to bolster their position. The sector led the way by implementing new technologies/services (70%), increasing staff training/education activities (63%), and changing processes/behaviors (59%).
In conclusion, the survey findings reveal that manufacturing and production companies faced substantial ransomware payments in 2021 compared to other industries. While the sector displayed resilience in recovering from attacks, it is crucial to prioritize comprehensive protection measures, including human-led threat hunting capabilities and effective backup strategies. Furthermore, the increased adoption of cyber insurance coverage indicates an ongoing commitment by manufacturing and production organizations to enhance their cyber defenses against ransomware attacks.