Ransomware Attacks in Manufacturing Pose An Increasing Threat

Cyberattacks are a constant threat to organizations of all sizes. Manufacturing and production industries may have experienced fewer cyberattacks than other industries, but companies are still at risk from bad actors. To gain a better understanding of the current attack environment and track changes over time in ransomware trends, Aunalytics security partner Sophos commissioned an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations across 31 countries. Out of all the respondents, 419 were from the manufacturing and production industry. This survey was conducted in January and early February of 2022. While it’s true cyber insurance has been playing a greater role in helping organizations improve their ability to recover from attacks, survey responses clearly indicate the rising threat ransomware poses to the manufacturing industry.

Cyberattacks Are Up From Previous Year

Ransomware attacks have increased significantly over the past year—55% of manufacturing and production organizations surveyed were hit by an attack in 2021, up 36% from 2020. Bad actors are now considerably more capable of attacking businesses and executing harmful tactics at scale. The Ransomware-as-a-Service model is one cause of this year’s increased attacks, as the required skill level for bad actors to hamper the day-to-day operations of an organization has gone down significantly.

55% of manufacturing and production organizations were hit by ransomware in 2022

Apart from the rising prevalence of these attacks, the sheer complexity of each attack is also on an upwards trajectory. While the manufacturing and production industry reported the lowest rate of ransomware attacks, but, with over half of all respondents in all surveyed industries reporting that their company was been injured by bad actors, the reality is that every organization is at high risk of attack. In 2021, 57% of attacks in the manufacturing and production industry resulted in important data being encrypted. Additionally, 59% percent of organizations who experienced cyberattacks saw the complexity of the attacks increase, while 61% saw an increase in the overall volume of cyberattacks.

Data Recovery Rates Are Improving

While the increase in cyberattacks paints a bleak picture, there is a silver lining to this dark cloud. 96% of manufacturing and production organizations were able to get some of their encrypted data back. The top method used to restore data was backups, which were used by 58% of organizations whose data was encrypted in an attack. Unfortunately, despite the utilization of backups, a third of the effected organizations still had to pay a ransom to ensure that more their data was restored.

Unfortunately, while paying a ransom typically allows organizations to get some data back, it is proving to be less effective than in years past. On average, in 2021, organizations that paid a ransom only got back 59% of their data, and only 7% of those that paid the ransom got ALL of their data back. This highlights the importance of employing multiple methods to restore data—utilizing backups in particular can improve the speed of recovery and increase the amount of data that can be recovered in the event of an attack.

7% of manufacturers got ALL data back after paying the ransom

Ransom Payments Have Increased

The average ransom pay-out has seen an exponential increase from what was reported in 2020 data, rising from an average of $147K (USD) to a jaw-dropping $2,036,189 (USD) in 2021.

Ransom paid by manufacturing and production organizations

Ransomware Has a Massive Impact on a Company’s Financial Status and Operational Capacity

Even when some of the encrypted data is restored after a cyber-attack, there are additional costs in the form of lost productivity and a decline in operational capacity, which can have a considerable impact on your company. Of those hit by ransomware last year, 77% said their most significant attack impacted their ability to operate, while 71% said it caused them to lose business and/or revenue. The average cost to remediate an attack in 2021 was $1.23M (USD), down from $1.52M (USD) in 2020. This was due in part to cyber insurance providers being able to better guide victims through an effective response more rapidly.

Although there have been improvements in total recovery time over the years, it still took, on average, one week for manufacturing and production organizations to fully recover from the most significant attacks.

Impact of attacks on manufacturing and production

Despite the huge economic costs of ransomware attacks, many organizations are continuing to put their faith in defenses that don’t actually prevent ransomware—only more quickly mitigate its effects. Most of the organizations in the survey who weren’t hit by ransomware in the past year and didn’t expect to be hit in the future cited backups and cyber insurance as reasons why they don’t anticipate an attack. It’s important to note that neither of these elements can actually prevent cyber-attacks.

Simply having security mitigation resources in place does not mean that they will be effective against malicious attacks. Despite having ample resources—in both personnel and technology—organizations will not achieve a high return on investment without a combination of the right technology and expertise to use the technology effectively.

Cyber Insurance Drives Changes to Cyber Defenses

Thankfully, organizations do not have to shoulder the burden of ransomware costs all on their own. The survey found that three out of four manufacturing and production organizations had insurance against ransomware attacks. Organizations that had been previously hit by ransomware attacks in the past were much more likely to have cyber insurance coverage against ransomware. However, many respondents indicated that securing coverage has changed or gotten more difficult to obtain in the past year:

56% said the level of cybersecurity they need to qualify is now higher
53% said policies are now more complex
42% said it is more expensive
35% said fewer companies offer cyber insurance
30% said the process takes longer

As a result, 97% of organizations that have cyber insurance have made changes to their cyber defenses to improve their cyber insurance position. 70% have implemented new technologies and services, while 63% have increased staff training and educational activities, and 59% have changed processes and behaviors.

But It Doesn’t End There

The State of Ransomware 2022 survey by Sophos has revealed that ransomware continues to be an imminent threat for the manufacturing and production industry. For many, choosing an experienced partner with expertise in cybersecurity not only improves their chances of getting approved for the right amount of cyber insurance coverage, but can also ensure that companies see an higher return on investment and improved ability to both prevent and mitigate attacks in the future.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
uncodeAI.css	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.images	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.screen	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
aka_debug		This cookie is set by the provider Vimeo.This cookie is essential for the website to play video functionality. The cookie collects statistical information like how many times the video is displayed and what settings are used for playback.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
player	1 year	This cookie is used by Vimeo. This cookie is used to save the user's preferences when playing embedded videos from Vimeo.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_28928707_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_dc_gtm_UA-28928707-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 7 months	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.