Manufacturing sector has highest ransomware payments

The manufacturing sector is being extorted for the highest average ransomware payments across all industries, new research from Sophos estimates.

A survey report from the company found that the average manufacturing and production company ransom payment is over US$2 million, compared to US$812,360 across all sectors.

But conversely, the sector was also significantly less likely than the cross-sector average to actually pay a demanded ransom, at 33% compared to 46%. This gives manufacturing one of the lowest rates of ransomware payment across all industries.

Meanwhile two-thirds of companies in the sector reported observing increases in the complexity of cyber attacks, and nearly as many (61%) reported increases in the volume of attacks compared to last year. This compares to a 59% and 57% cross-sector average respectively.

But despite the growing threat, the sector also had the lowest rate of usage of encryption, at 57% compared to a cross-sector average of 65%. The sector also had the lowest percentage rate of adoption of cyber insurance at 75%.

Sophos Senior Security Advisor John Shier said manufacturing is an attractive target for cybercriminals due to the sector’s position in the supply chain.

“Outdated infrastructure and lack of visibility into the OT environment provides attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment,” he said.

“While having reliable backups is an important part of recovery, today’s ransomware threat requires a detailed response plan that includes human-led threat hunting capabilities.”

Image credit: iStock.com/gorodenkoff