Manufacturing Sector Faces Increased Ransomware Threats: Sophos Report

Sophos has released its study detailing the ransomware experiences of manufacturing and production organizations, providing exclusive insights into attack rates, root causes, operational impacts, and business outcomes.


This year’s report includes new areas of investigation, such as ransom demands versus payments and the involvement of law enforcement in ransomware remediation for the first time.

The global industrial cybersecurity market size is expected to grow at a CAGR of 7.7 percent, from $16.3 billion in 2022 to $24.4 billion in 2028.

Rising Attack Rates and Recovery Costs

The Sophos study reveals a troubling trend: 65 percent of manufacturing and production organizations experienced ransomware attacks in the past year, a significant rise from 56 percent in 2023 and 55 percent in 2022, marking a 41 percent increase since 2020.

Moreover, 93 percent of those targeted reported attempts by cybercriminals to compromise their backups, with 53 percent of these attempts proving successful. Data encryption rates in ransomware attacks have also escalated, with 74 percent of attacks resulting in data encryption, the highest rate in five years and above the 2024 cross-sector average of 70 percent.

The financial burden on manufacturing organizations has surged as well. The average cost to recover from a ransomware attack in 2024 was reported at $1.67 million, a sharp increase from $1.08 million in 2023.

Impact on Devices and Ransom Payments

Ransomware attacks affected an average of 44 percent of computers within manufacturing and production organizations. Complete environment encryption remains rare, with only 4 percent of organizations reporting over 91 percent of their devices impacted.

Despite efforts to restore encrypted data through backups (58 percent), a growing number of organizations (62 percent) resorted to paying ransoms to recover their data, a notable increase from the 34 percent reported in 2023. This year, nearly half (45 percent) of the organizations used multiple methods to recover data, such as paying the ransom and utilizing backups, compared to 19 percent in 2023.

Soaring Ransom Payments

Ransom payments have risen dramatically, with respondents reporting a median payment of $1.2 million, up 167 percent from $450,000 the previous year. Interestingly, only 27 percent of victims paid the exact amount demanded by attackers, while 65 percent managed to negotiate a lower sum, and 8 percent ended up paying more.

Survey Details

The findings are based on an independent survey commissioned by Sophos and conducted by Vanson Bourne. It involved 5,000 IT/cybersecurity leaders from 14 countries across the Americas, EMEA, and Asia Pacific, including 585 from the manufacturing and production sector. The survey, conducted between January and February 2024, focused on experiences from the previous year.
