The Sophos report highlights a fourfold increase in recovery costs for the Energy and Water sectors due to ransomware, with attacks often exploiting vulnerabilities and leading to prolonged recovery times despite high ransom payments.
18 July 2024 – Sophos, a global leader in cybersecurity solutions, has released its latest sector survey report, “The State of Ransomware in Critical Infrastructure 2024.” The report reveals a dramatic increase in the median recovery costs for the Energy and Water sectors, which have soared to $3 million—quadrupling the previous year’s costs and significantly surpassing the global cross-sector median.
The survey data, gathered from 275 respondents in energy, oil and gas, and utilities organizations, forms part of a broader study involving 5,000 cybersecurity and IT leaders from 14 countries and 15 industry sectors. Conducted between January and February 2024, the report highlights the escalating impact of ransomware on critical infrastructure.
Chester Wisniewski, global Field CTO at Sophos, explained, “Criminals target sectors where disruptions cause the most public distress, hoping for ransom payments to expedite service restoration. Utilities, given their essential role in society, are prime targets for such attacks.”
Key findings from the report indicate that 49% of ransomware attacks on these sectors began with exploited vulnerabilities. The median ransom payment for the Energy and Water sectors has also increased to over $2.5 million, which is $500,000 higher than the global median. Additionally, these sectors reported a 67% incidence rate of ransomware attacks in 2024, compared to a global average of 59%.
Recovery times have also lengthened significantly, with only 20% of affected organizations managing to recover within a week in 2024, down from 41% in 2023. More concerning, 55% took over a month to recover, a sharp increase from 36% in 2023. Across all sectors, only 35% required more than a month to recover.
The report also noted that the Energy and Water sectors experienced the highest rates of backup compromises (79%) and the third-highest rates of successful encryption (80%).
Wisniewski emphasized that despite 61% of organizations paying ransoms, recovery times did not improve. “High ransom payments not only encourage more attacks but also fail to reduce recovery times,” he said. He advised utilities to continuously monitor for vulnerabilities in remote access and network devices and to ensure they have 24/7 monitoring and response capabilities. Incident response plans should be as rigorously planned and rehearsed as those for natural disasters.