Manufacturing and production companies paid an average ransomware payment of US$2.036 million in 2021, more than double the cross-sector average estimated at US$812,360 during the same time period.
According to the newly released “The State of Ransomware in Manufacturing and Production” survey report, the manufacturing and production sector forked out the highest ransom payments of all vertical industries.
Diving into the ransom payments further, manufacturing and production has one of the broadest spreads of ransoms across all sectors, with respondents reporting a wide range of payments: one in ten (11%) paid less than US$1K, while over a third of respondents (37%) paid more than US$100K. 8% of respondents paid US$1M or more.
“Manufacturing is an attractive sector to target for cybercriminals due to the privileged position it occupies in the supply chain. Outdated infrastructure and lack of visibility into the OT environment provide attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment,” said John Shier, senior security advisor, Sophos.
He pointed out that while having reliable backups is an important part of recovery, today's ransomware threat requires a detailed response plan that includes human-led threat hunting capabilities.
“Complex attacks require comprehensive protection, which, for many organisations, will include the addition of managed detection and response (MDR) teams who are trained to look for and neutralise active attackers,” said Shier.
The Sophos survey involved 5,600 IT professionals, including 419 from manufacturing and production. Respondents were from mid-sized organisations (100-5,000 employees) across 31 countries. The survey was conducted during January and February 2022, and respondents were asked to answer based on their experiences over the previous year.
Research agency Vanson Bourne was commissioned to conduct the independent, vendor-agnostic survey.
Half of manufacturing and production firms hit by ransomware in 2021
In 2021, the survey found that 55% of organisations in the sector reported being hit by ransomware, up from 36% the previous year. Sophos said this shows that attackers have become considerably more capable of executing the most significant attacks at scale.
The rise in successful ransomware attacks is part of an increasingly challenging threat environment that has affected organisations across all sectors. Respondents across all sectors reported an increase in cyberattack volume, complexity, and/or impact.
Manufacturing and production has been particularly impacted by the changing threat landscape, with 61% of respondents reporting an increase in the volume of attacks on their organisations over the last year (vs. 57% cross-sector average) and 66% reporting an increase in attack complexity (vs. 59% cross-sector average).
“It may be that the sector’s superior ability to stop data encryption has forced adversaries to up their game when it comes to attacks. Alternatively, it may simply reflect an increased focus on the sector by cyber criminals over the last year,” the report said.
Lowest level of backup use across all sectors
Manufacturing and production companies reported the lowest level of backup use across all sectors, with just 58% of respondents using this approach to restore encrypted data compared to the cross-sector average of 73%.
In fact, the sector reduced its use of backups compared with the previous year, when 68% of organisations used backups for data restoration. This is a concerning finding, as backups are essential for recovery from ransomware and many other incidents.
Furthermore, almost half of respondents (48%) reported using other means to restore their data.
The percentage using backups, paying ransom, and using other means clearly adds up to more than 100%, indicating that many manufacturing and production organisations use multiple restoration methods in parallel to accelerate incident recovery. Overall, 36% of manufacturing and production victims used multiple methods to restore their data.
Quick recovery from ransomware attack
Survey results showed that the sector is quick to recover from a ransomware attack, with two-thirds of victims (67%) getting back up and running within a week. This is considerably higher than the global cross-sector average (53%), indicating that manufacturing and production is well-placed to recover from attacks.
Further demonstrating this point, just 10% in manufacturing and production said it took them between one and six months to recover, compared to the global average of 20% who recovered within this time.
Following the global trend across multiple industries, manufacturing and production companies have seen a decrease in the average cost to rectify the impact of the most recent ransomware attacks – from US$1.52M in 2020 to US$1.23M in 2021.
Still, Sophos said US$1.23M is a very large sum that likely has a material impact on SMB organisations in any sector.
“At first sight, it may seem counter-intuitive that the average recovery bill is less than the average ransom payment. However, in many cases, insurance providers cover ransom payments,” the report stated.
There are several factors likely contributing to the below-average recovery bills for manufacturing and production.
First is the lower-than-average impact of ransomware on the operations and revenue of this sector. Second, the sector’s impressive ability to stop attacks before data is encrypted helps keep remediation costs low. Finally, manufacturing and production reported the highest insurance payout rate for certain costs associated with attacks (costs of downtime and lost opportunities, etc.), which likely had a commensurate impact on the total recovery costs for this sector.
Cyber insurance drives improvement in cyber defenses
Many manufacturing and production organisations are choosing to reduce the risks associated with ransomware attacks by taking out cyber insurance coverage. For them, it’s reassuring to know that insurers pay some costs in almost all claims.
However, only 75% of manufacturing and production respondents reported having coverage against ransomware attacks, compared with a cross-sector average of 83%.
Furthermore, as the cyber insurance market hardens and it becomes more challenging to secure coverage, 97% of manufacturing and production organisations that have cyber insurance have amended their cyber defenses to improve their cyber insurance position:
- 70% have implemented new technologies/services – highest across all sectors
- 63% have increased staff training/education activities – highest across all sectors
- 59% have changed processes/behaviours
“It is heartening to know that the sector leads the way in terms of implementing new technologies and services and increasing staff training,” the report said.