Claroty released new research illuminating the significant business impacts of cyber attacks affecting cyber-physical systems (CPS) environments. The report, “The Global State of CPS Security 2024: Business Impact of Disruptions,” is based on a global independent survey of 1,100 infosecurity, OT engineering, clinical & biomedical engineering, and facilities management & plant operations professionals about the business impacts of cyber attacks on their organizations in the past 12 months.
The findings revealed a significant financial impact, with over a quarter (27%) of organizations reporting a financial impact of $1 million USD or more from cyber attacks affecting CPS. Several factors contributed to these losses, the most common being lost revenue (selected by 39% of respondents), recovery costs (35%), and employee overtime (33%).
Ransomware continues to play a big role in recovery costs, as over half of respondents (53%) met ransom demands of more than $500,000 USD to recover access to encrypted systems and files in order to resume operations. This problem is particularly severe in the healthcare sector – 78% reported ransom payments over $500,000 – as ransomware and extortion-based attacks on hospitals and clinical environments continue to run seemingly unabated.
Closely tied to the financial losses are the operational impacts, with one-third (33%) reporting a full day or more of operational downtime that impacted their ability to produce goods or services. About half (49%) said the recovery process took a week or more and nearly a third (29%) said recovery took over a month. This is particularly notable given that CPS environments such as manufacturing plants place a premium on availability and uptime of critical systems – even at the expense of timely security and feature updates.
When considering the root cause of these cyber attacks, third-party and remote access exposures persist across organizations. Among respondents, 82% said at least one cyber attack in the past 12 months originated from third-party supplier access to the CPS environment, and nearly half (45%) said five or more attacks did. And yet, almost two-thirds (63%) admit to having only partial or no understanding of third-party connectivity to the CPS environment.
While the findings show the last 12 months were both disruptive and costly for most CPS-enabled organizations, respondents also conveyed growing confidence and improvements in their organization’s risk reduction efforts. A majority (56%) have greater confidence in the ability of their organization’s CPS to withstand cyber attacks today versus 12 months ago, and 72% expect to see quantifiable improvements in their CPS security in the next 12 months.
“The impacts from cyber attacks on asset-intensive organizations can be detrimental to operations, and, in reality, often require the level of loss like we saw in our study to make the necessary cybersecurity investments,” said Grant Geyer, Chief Strategy Officer at Claroty. “To evolve from this reactionary process to a proactive one that will decrease losses, we also found that organizations are shifting their thinking—they are starting to consider it core to delivering on an organization’s mission. The insights from this report validate that not investing in the very unique challenge of protecting CPS can lead to a serious hit to the organization’s bottom line and that, thankfully, organizations are beginning to see the payoff of making that investment.”