Ransomware attacks aimed at industrial organizations are increasingly impacting operational technology systems, according to a survey commissioned by OT and IoT security firm Claroty.
Claroty on Wednesday published its 2023 'Global state of industrial cybersecurity' report, which is based on responses from a survey of 1,100 IT and OT security professionals representing organizations in the Americas, EMEA and APAC regions.
Three-quarters of respondents confirmed suffering a ransomware attack in the past year.
In 21% of cases, the attack impacted only IT systems.
In 17% of cases, the incident affected OT systems, and 37% of attacks hit both IT and OT systems.
This 37% is significant, including for the fact that it's a 10% increase compared to 2021, when Claroty commissioned a similar survey.
Globally, 12% of respondents described the impact of the attack as extreme, which means it resulted in signficant or full operations shutdown for more than one week, and 10% said impact was severe, meaning it impacted more than one site or function for over a week.
Of the IT/OT professionals who took part in the survey, two-thirds admitted making a ransom payment in response to the attack, including 6% who admitted paying more than $5 million, and 12% paying $1-5 million.
In 23% of cases, the financial cost incurred as a result of the ransomware attack exceeded $1 million and more than 50% reported costs between $100,000 and $999,000.
A majority of organizations are aware of the potential threat posed by ransomware and have a cyber insurance policy.
Respondents have also been asked about their use of generative AI for cybersecurity and their concerns regarding its use.
More than 60% of organizations use security tools that leverage generative AI and 27% are interested in doing so.
In 44% of cases, the use of AI capabilities actually raises the respondent's security concerns.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 07 Dec 2023 12:13:05 +0000