The latest Sophos annual study of the real-world ransomware experiences of manufacturing and production organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.
This year's report incorporates new areas of study for the sector, including an exploration of ransom demands vs. ransom payments. Plus, for the first time, it shines a light on the role of law enforcement in ransomware remediation.
Download the report to get the full findings.
Attack rates and recovery costs have both gone up
65% of manufacturing and production organizations reported they were hit by ransomware last year. This is a notable increase from the previous two years (56% in 2023 and 55% in 2022) and represents a 41% increase since 2020.
93% of manufacturing organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Of these, 53% of backup compromise attempts were successful.
Furthermore, three out of four ransomware attacks on manufacturing organizations (74%) resulted in data encryption, the highest encryption rate for the sector in the last five years. This rate is also higher than the 2024 cross-sector average of 70%.
In 2024, manufacturing organizations reported a mean cost of $1.67M to recover from a ransomware attack, an increase from the $1.08M reported in 2023.
Devices impacted in a ransomware attack
On average, 44% of computers in manufacturing and production are impacted by a ransomware attack. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.
Six in ten victims now pay the ransom
While 58% in manufacturing restored encrypted data using backups, 62% paid the ransom to get data back. The proportion of manufacturing organizations that paid the ransom has almost doubled from our 2023 study, when the sector reported one of the lowest ransom payment rates (34%) across all sectors.
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time around, almost half of manufacturing organizations (45%) that had data encrypted reported using more than one method, more than double the rate reported in 2023 (19%).
Ransom payments have soared – but victims rarely pay the sum demanded
157 manufacturing respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment has increased by 167% over the last year, from $450,000 to $1.2M.
While the ransom payment has increased, only 27% of manufacturing victims said that their payment matched the original request. 65% paid less than the original demand, while only 8% paid more.
Download the full report for more insights into ransom payments and many other areas.
About the survey
The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 585 from the manufacturing and production sector. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year.