Cyber-physical systems protection company Claroty has released new research highlighting the significant business impacts of cyber attacks affecting CPS environments.
The report, titled The Global State of CPS Security 2024: Business Impact of Disruptions, is based on a global independent survey of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management & plant operations professionals about the business impacts of cyber attacks on their organisations in the past 12 months.
The findings revealed a significant financial impact, with 22% of organisations in the Australia and New Zealand (ANZ) region reporting a financial impact of USD1 million or more from cyber attacks affecting cyber-physical systems (CPS). Several factors contributed to these losses, the most common being loss of customer or partner relationships (19%), lost revenue (15%), and regulatory fines (12%).
Ransomware continues to play a big role in recovery costs, as three-quarters of ANZ respondents met ransom demands of more than USD500,000 USD to recover access to encrypted systems and files in order to resume operations. This problem is particularly severe in the healthcare sector. Globally, 78% of healthcare sector respondents reported ransom payments over USD500,000 as ransomware and extortion-based attacks on hospitals and clinical environments continue to run seemingly unabated.
Closely tied to the financial losses are the operational impacts, with 25% of ANZ respondents reporting a full day or more of operational downtime that impacted their ability to produce goods or services, while 40% said the recovery process took a week or more, and 18% said recovery took over a month. This is particularly notable given that CPS environments such as manufacturing plants place a premium on availability and uptime of critical systems – even at the expense of timely security and feature updates.
When considering the root cause of these cyber attacks, organisations in ANZ felt they were lacking certain security capabilities that could have decreased the negative impacts they experienced; they cited a lack of exposure management (16%) and not having an OT-specific SOC to respond to attacks (14%).
In the past 12 months, 93% of ANZ organisations surveyed had one or more cyber attacks originate from third-party supplier access to their CPS environment, while 47% reported five or more attacks occurred this way. And yet, 58% admit to having only partial or no understanding of third-party connectivity to their CPS environment.
While the findings show the last 12 months were both disruptive and costly for most CPS-enabled organisations, ANZ respondents also conveyed growing confidence and improvements in their organisation’s risk reduction efforts. A majority (73%) have greater confidence in the ability of their organisation’s CPS to withstand cyber attacks today versus 12 months ago, and 100% expect to see quantifiable improvements in their CPS security in the next 12 months, while 36% are already seeing quantifiable improvements.
“Australian organisations across a range of different verticals are reporting similar risks to their CPS networks, particularly regarding the remote locations of some of these networks which can make them difficult to access,” said Claroty ANZ Regional Director Leon Poggioli. “This growing risk to CPS has been reflected in legislation changes, including the SOCI Act and industry-specific standards such as AESCSF, which ensures organisations have an accurate inventory of all CPS assets and an understanding of the key risks these assets face.”
The survey results also reveal how critical it is for Australian organisations to implement secure access principles, not just for third-party contractors but also for their own internal users. This provides an additional layer of auditability and monitoring on critical assets, which can have important safety and production implications in the case of a cyberattack. The bottom line is that if your organisation operates a CPS network, that network is most likely going to be your core business, making it all the more imperative to prioritise the cybersecurity of that infrastructure.
“The impacts from cyber attacks on asset-intensive organisations can be detrimental to operations, and, in reality, often require the level of loss like we saw in our study to make the necessary cybersecurity investments,” said Claroty Chief Strategy Officer Grant Geyer. “To evolve from this reactionary process to a proactive one that will decrease losses, we also found that organisations are shifting their thinking. They are starting to consider it core to delivering on an organisation’s mission. The insights from this report validate that not investing in the very unique challenge of protecting CPS can lead to a serious hit to the organisation’s bottom line and that, thankfully, organisations are beginning to see the payoff of making that investment.”
You can read the full report here.
