/
1 min read

Sophos Reports $3M Median Recovery Costs for Energy and Water Sectors Amid Rising Ransomware Attacks

Sophos has unveiled a sector survey report titled “The State of Ransomware in Critical Infrastructure 2024, revealing that the median recovery costs for the Energy and Water sectors have surged to $3 million, a fourfold increase compared to the global cross-sector median. The report also highlights that 49% of ransomware attacks in these sectors began with an exploited vulnerability.

The report’s data, drawn from 275 respondents in energy, oil and gas, and utilities organizations (part of CISA’s 16 critical infrastructure sectors), forms part of a broader survey of 5,000 cybersecurity and IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.

Chester Wisniewski, global Field CTO, commented, “Utilities are prime targets for ransomware because of their critical public services. The demand for quick recovery increases the pressure to pay ransoms. However, these sectors are vulnerable due to outdated technologies and insufficient IT staffing for proper security measures.

The report also indicates that the median ransom payment in these sectors has increased to over $2.5 million in 2024, which is $500,000 higher than the global median. The Energy and Water sectors reported the second highest rate of ransomware attacks, with 67% of organizations affected in 2024, compared to the global average of 59%.

Key Findings from the Report:

  • Recovery times are lengthening: Only 20% of organizations recovered within a week or less in 2024, down from 41% in 2023 and 50% in 2022. Over 55% took more than a month to recover, compared to 36% in 2023.
  • High rates of backup compromise (79%) and successful encryption (80%) were reported, ranking these sectors among the most affected.
  • Despite 61% of organizations paying the ransom, recovery times were not significantly reduced.

Wisniewski emphasized the importance of proactive measures: “Utilities must recognize their vulnerabilities and ensure robust monitoring and response capabilities to minimize outages and shorten recovery times. Incident response plans should be regularly rehearsed, akin to preparations for natural disasters.

Leave a Reply