Our new report The State of Ransomware in Manufacturing and Production 2021 reveals that companies in this sector are the least likely to submit to a ransom demand and the most likely to restore encrypted data from backups of all industries surveyed. Just 19% of organizations whose data was encrypted paid attackers to decrypt their files, compared to a global average of 32%.
The report is based on the findings from an independent survey of 5,400 IT decision makers, including 438 in the manufacturing and production sector, conducted at the start of 2021.
Evolving attacker techniques
Overall, 36% of the manufacturing and production organizations surveyed were hit by ransomware last year which is in line with the global average of 37%. Fortunately for this sector, 68% of those whose data was encrypted were able to restore it using backups, a rate considerably above the global average (57%). This high ability to restore data from backups enables many companies to refuse attacker demands, resulting in the low ransom payment rate.
9% of ransomware victims were hit with extortion-based attacks, a pressure technique where attackers don’t encrypt files, but rather threaten to leak stolen information online if a ransom demand isn’t paid. This rate of extortion is higher than the global average of 7%, and may also be linked to the high use of backups which forces adversaries to find other approaches to make money from victims.
Chester Wisniewski, principal research scientist at Sophos, advises that “backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense. Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize today’s advanced human-led cyberattacks.”
The cost of ransomware
The overall cost to manufacturing and production organizations to recover from a ransomware attack last year was, on average, $1.52 million. While this is a very considerable sum, it is less than the global average of $1.85 million. Again, the ability to restore data from backups will play a part in keeping recovery costs down.
Fears for the future
While manufacturing and production companies show good resilience in the face of ransomware, the survey revealed that they have the highest expectation of a future attack of all sectors. Of the respondents not hit by ransomware last year, 77% expect to be hit in the future. The sophistication and prevalence of ransomware are the key factors driving this concern.
A sector heavily impacted by the pandemic
IT teams in manufacturing and production were severely affected by the challenges of 2020. This sector was the least likely to experience a decrease in cybersecurity workload over 2020: just 7% said their cyber workload had decreased, vs. a global average of 13%. It also had the fewest respondents who saw improved response time to IT cases (15% vs. a global average of 20%). The silver lining is that cyber skills also increased, with 71% of respondents saying their team’s ability to further develop cybersecurity knowledge and skills increased over 2020.
Download the full report to explore the reality of ransomware in manufacturing and production. It also includes recommendations from Sophos experts to minimize the impact of ransomware in future.