The financial impact of a cyberattack targeting a cyber-physical system (CPS) can reach up to $1 million, as affected organizations struggle with revenue loss, recovery costs, and employee overtime.
According to a new Claroty survey of 1,100 security professionals involved in OT, IoT, BMS, and IoMT (connected medical devices), about 45% of organizations suffered losses of $500,000 or more over the past year, while 27% disclosed losses of $1 million or more.
More than half of the respondents in the chemical manufacturing, power and energy, and mining and materials sectors have reported losses greater than $500,000 caused by cyber incidents over the past 12 months, Claroty’s latest Global State of CPS Security report (PDF) shows.
Ransomware attack continue to plague organizations across industries, including critical infrastructure entities, and ransom demands and recovery efforts remain one of the costliest impacts from cyber incidents, the survey found.
More than half of the respondents admitted to meeting ransom demands of over $500,000 to recover encrypted data and restore the affected systems, with the healthcare sector affected the most, where most respondents (78%) reported ransom payments of more than $500,000.
Those who faced cyberattacks disclosed additional impacts, such as downtime of at least 12 hours, recovery operations spanning over a week or more, and cybersecurity impacts such as process manipulation and process disruption.
“Organizations are often faced with recovering from known, good backups in the case of disruptive ransomware attacks or destructive attacks from a state actor. Servers must be re-imaged, mitigations applied, and remediation steps such as patching and firmware updates must be taken,” Claroty notes.
The need for remote access to CPS has resulted in 45% of the surveyed organizations having these assets connected to the internet, and most respondents revealed that at least one cyberattack over the past year originated from a third-party supplier with access to the CPS environment.
The survey also shows that organizations are improving their resilience against these assaults, with most respondents reporting confidence in their organization’s risk reduction efforts.
“Most CPS environments recognize the need for accurate and ongoing asset inventory and visibility into connected assets, and to detect threats and unusual access to systems, prioritize remediation according to system criticality and known exploits, and comply with industry regulations by following accepted standards,” Claroty notes.
To mitigate the risks associated with cyberattacks, organizations are advised to build cybersecurity programs that include asset inventory and visibility, to perform risk assessments across their environments to identify weaknesses, to secure remote access for third-parties, to improve network protections through segmentation, and to deploy threat detection capabilities.
