
One out of five (22%) organisations in the ANZ region reported losing US$1 million or more from cyber attacks affecting cyber-physical systems (CPS), according to Claroty’s The Global State of CPS Security 2024: Business Impact of Disruptions.
The report details significant business impacts of cyber attacks affecting CPS environments.
According to the report, several factors contributed to these losses, the most common being loss of customer or partner relationships (19%), lost revenue (15%), and regulatory fines (12%).
Ransomware plays a big role in recovery costs as three quarters of ANZ respondents (75%) met ransom demands of more than US$500,000 to recover access to encrypted systems and files in order to resume operations.
This problem is particularly severe in the healthcare sector—globally, 78% of respondents reported ransom payments over US$500,000—as ransomware and extortion-based attacks on hospitals and clinical environments continue to run seemingly unabated.
Closely tied to the financial losses are the operational impacts, with more than a quarter of ANZ respondents (25%) reporting a full day or more of operational downtime that impacted their ability to produce goods or services, while over a third (40%) said the recovery process took a week or more, and 18% said recovery took over a month.
This is particularly notable given that CPS environments such as manufacturing plants place a premium on availability and uptime of critical systems – even at the expense of timely security and feature updates.
When considering the root cause of these cyber attacks, organisations in ANZ felt they were lacking certain security capabilities that could have decreased the negative impacts they experienced; they cited a lack of exposure management (16%) and not having an OT-specific SOC to respond to attacks (14%).
In the past 12 months, nearly all (93%) of ANZ organisations surveyed had one or more cyber attacks originate from third-party supplier access to their CPS environment, while nearly half (47%) reported five or more attacks occurred this way.
And yet, a majority (58%) admit to having only partial or no understanding of third-party connectivity to their CPS environment.
While the findings show the last 12 months were both disruptive and costly for most CPS-enabled organisations, ANZ respondents also conveyed growing confidence and improvements in their organisation’s risk reduction efforts.
A majority (73%) have greater confidence in the ability of their organisation’s CPS to withstand cyber attacks today versus 12 months ago, and 100% expect to see quantifiable improvements in their CPS security in the next 12 months, while 36% are already seeing quantifiable improvements.
“Australian organisations across a range of different verticals are reporting similar risks to their CPS networks, particularly regarding the remote locations of some of these networks which can make them difficult to access,” said Claroty ANZ regional director Leon Poggioli.
“This growing risk to CPS has been reflected in legislation changes including the SOCI Act and industry-specific standards such as Australian Energy Sector Cyber Security Framework (AESCSF), which ensures organisations have an accurate inventory of all CPS assets and an understanding of the key risks these assets face.
“The survey results also reveal how critical it is for Australian organisations to implement secure access principles, not just for third-party contractors but also for their own internal users. This provides an additional layer of auditability and monitoring on critical assets, which can have important safety and production implications in the case of a cyberattack.”
“The bottom line is – if your organisation operates a CPS network, that network is most likely going to be your core business, making it all the more imperative to prioritise the cybersecurity of that infrastructure.”
“The impacts from cyber attacks on asset-intensive organisations can be detrimental to operations, and, in reality, often require the level of loss like we saw in our study to make the necessary cybersecurity investments,” said Claroty chief strategy officer Grant Geyer.
“To evolve from this reactionary process to a proactive one that will decrease losses, we also found that organisations are shifting their thinking—they are starting to consider it core to delivering on an organisation’s mission.”
“The insights from this report validate that not investing in the very unique challenge of protecting CPS can lead to a serious hit to the organisation’s bottom line and that, thankfully, organisations are beginning to see the payoff of making that investment.”
The research is based on a global independent survey of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management and plant operations professionals about the business impacts of cyber attacks on their organisations in the past 12 months.