July 17, 2024 at 11:10AM
Ransomware attack costs on critical national infrastructure organizations surged this year, as Sophos reports a median ransom payment spike to $2.54M, 41 times higher than last year. Costs to recover also rose significantly, with IT sectors reporting the lowest average payment of $330,000, and education and federal government recording the highest at $6.6M. Additionally, the recovery time has increased, prompting debate around the effectiveness of paying ransoms and potential legislative actions to address the issue.
From the report and its coverage, the key takeaways are:
1. Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations have significantly increased. The median ransom payments rose to $2.54 million, a 41 times increase from last year, while the mean payment for 2024 is even higher at $3.225 million.
2. It was noted that IT, tech, and telecoms were the least likely to pay large amounts to cybercriminals, with an average payment of $330,000. Conversely, lower education and federal government organizations reported the highest average payments at $6.6 million.
3. Recovery costs from ransomware attacks have also surged, with some CNI sectors' costs quadrupling to a median of $3 million per incident.
4. The energy and water sectors saw the sharpest increase in recovery costs, with their new median four times the global cross-sector median of $750,000.
5. 67 percent of organizations in the energy and water sectors reported disruption as a result of an attack, higher than the global average of 59 percent.
6. The time taken to recover from ransomware attacks has increased, with just one in five organizations able to recover in a week or less, and an increasing number taking longer than a month.
7. Sophos has highlighted that paying the ransom appears to work against the best interests of organizations: an increasing number pay as part of their recovery, yet recovery times are getting longer, not shorter.
8. The US leads the Counter Ransomware Initiative, whose member governments have pledged not to pay ransoms, although the pledge is not legally binding and has had little real-world effect.
9. There is a debate around introducing laws to ban ransom payments, with the UK planning to introduce the Cyber Security and Resilience Bill, imposing requirements on CNI operators to disclose ransomware attacks.
10. Exploited vulnerabilities topped the list of root causes for CNI ransomware attacks once again this year, accounting for 49 percent of all incidents, compared to 35 percent last year.
These takeaways illustrate the escalation in ransomware attack costs and the need for stronger cybersecurity measures within critical national infrastructure sectors, starting with the exploited vulnerabilities that account for nearly half of incidents. Reevaluating the willingness to pay ransoms and introducing legislation that improves cybersecurity posture and mandates disclosure of ransomware attacks are being discussed as ways to address the growing threat.