The water and energy sectors have been hit hardest by the rise in cybercrime recovery costs, according to a new report by cybersecurity firm Sophos.
The survey, titled "The State of Ransomware in Critical Infrastructure 2024," shows a staggering increase in recovery costs for the Energy and Water sectors.
Experts from Sophos say that the median recovery costs for these critical infrastructure sectors have quadrupled to $3 million (Sh390 million) over the past year, significantly higher than the global cross-sector median.
The report also reveals that nearly 49 per cent of ransomware attacks on these sectors began with an exploited vulnerability.
According to Sophos Global Field Chief Technology Officer Chester Wisniewski, criminals focus where they can cause the most pain and disruption, so that the public will demand quick resolutions and, they hope, ransom payments to restore services more quickly.
“This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption,” said Wisniewski.
The findings show that public utilities face heightened vulnerability because they run older technologies configured for remote management without modern security controls such as encryption and multifactor authentication.
Further, many of these utilities operate with minimal staffing and lack the IT resources needed for timely patching and monitoring.
“Criminals target sectors where disruption causes the most pain, hoping for ransom payments to restore services quickly. Utilities, due to their essential functions, are prime targets for these attacks,” added Wisniewski.
In addition to soaring recovery costs, the median ransom payment for these sectors rose to over $2.5 million (Sh325 million) in 2024, which is $500,000 (Sh64.97 million) higher than the global cross-sector median.
The Energy and Water sectors also reported a high rate of ransomware attacks, with 67 per cent of organizations affected in 2024, compared to the global average of 59 per cent.
Other key findings from the report include longer recovery times, with only 20 per cent of organizations hit by ransomware recovering within a week in 2024, down from 41 per cent in 2023.
More than 55 per cent took over a month to recover, compared to 36 per cent in 2023, and across all sectors, 35 per cent took over a month to recover.
These sectors reported the highest rate of backup compromise (79 per cent) and the third-highest rate of successful encryption (80 per cent) compared to other industries surveyed.
An increasing number of organizations (61 per cent) paid the ransom as part of their recovery, yet recovery times still lengthened.
The experts say that high ransom rates and amounts encourage more attacks and do not result in shorter recovery times.
"Utilities must monitor their exposure to remote access and network device vulnerabilities and ensure 24/7 monitoring and response capabilities. Incident response plans should be regularly rehearsed, similar to emergency plans for fires or natural disasters," added Wisniewski.
The report is based on data from 275 respondents working in energy, oil and gas, and utilities organizations, part of a broader survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors conducted between January and February 2024.