Industrial sectors affected by cyberattacks
It has become evident that critical infrastructure and manufacturing industries worldwide are under threat from cyberattacks, including the massive damage to pipeline operators in North America in 2021. However, from the standpoint of individual businesses, it is difficult to see the actual state how often and what kind of damage is occurring.
Trend Micro conducted a survey of the state of industrial cybersecurity in the manufacturing, electric, and oil and gas companies in 2022. The survey revealed that nine out of 10 organisations have had their production or energy supply impacted by cyberattacks in the last 12 months. Since there is no difference by industry surveyed, it can be said that the cyberattacks are common threats that can have a significant impact regardless of industry.
Consequences due to cyber incidents and the assumed frequency
Figure 1. Consequences due to cyber attacks
How were they affected by the cyberattack?
The survey also asked about the duration of the system disruption and the financial damage. More than half (56%) of respondents who reported incidents said the disruption lasted four or more days. This means that the impact lasted for more than half of a week. Furthermore, the average amount of financial damage was about $2.8 million in the 12 months. When it comes to financial damage, it is easy to imagine payments due to ransomware. However, this expense included in this amount are the costs for recovery, preventing recurrence, and hiring additional staff. Even if it is not ransomware, it can be said that cyber incidents have caused financial damage.
What was the frequency of disruptions?
Regarding the number of disruptions within the last 12 months, 6-10 times was the largest number (44%). Furthermore, about three-quarters (72%) of respondents reported experiencing 6 or more disruptions to their ICS/OT systems in the last 12 months, which is the equivalent of one disruption every two months.
Figure 2. Frequency of ICS/OT disruptions
What is causing problems? What security measures are in place?
As IT and OT become increasingly interconnected, cyber threats are carried out across these environments. To ensure resilient operations, it is time for organisations to assess cyber risks and update their cybersecurity strategies.
Download a full report “Survey: The State of Industrial Cybersecurity” to learn more about the challenges facing manufacturers, electric, and oil and gas companies, their causes, and the state of industrial cybersecurity measures.