Cybersecurity leaders continue to grapple with cybercriminal activity that increasingly affects cyber-physical systems (CPS) including operational technology (OT), internet of things (IoT), internet of medical things (IoMT), and building management systems (BMS), across manufacturing, healthcare, and other critical infrastructure sectors. These attacks can result in significant financial costs and operational disruptions, delays in service delivery, data loss, and manipulations with far-reaching consequences for patient care, public safety, and national and economic security — and new data suggests this trend has persisted into 2024.
To better understand how critical infrastructure organizations are responding to operational downtime, financial loss, and long recovery times due to cyber attacks, Claroty commissioned an independent global survey of 1,100 information security, OT engineering, clinical & biomedical engineering, and facilities management & plant operations professionals about the business impacts of cyber attacks on their organizations in the past 12 months.
The results are now available in our new report, The Global State of CPS Security 2024: Business Impact Of Disruptions. Highlights include:
Nearly half of respondents (45%) reported a financial impact of $500,000 USD or more in the last 12 months from cyber attacks affecting CPS, with over a quarter (27%) reporting $1 million or more.
Several factors contributed to these losses, the most common being lost revenue (selected by 39% of respondents), recovery costs (35%), and employee overtime (33%).
Over half of respondents (53%) met ransom demands of more than $500,000 USD to recover access to encrypted systems and files in order to resume operations.
This problem is particularly severe in the healthcare sector – 78% reported ransom payments over $500,000 – as ransomware and extortion-based attacks on hospitals and clinical environments continue to run seemingly unabated.
Nearly half of respondents globally (49%) experienced more than 12 hours of operational downtime resulting from a cyberattack in the last year, and one-third (33%) reported at least a full day of downtime.
About half (49%) said the recovery process took a week or more and nearly a third (29%) said recovery took over a month.
45% of respondents said at least half of their organization’s CPS assets are connected to the internet, as increased connectivity and convergence have exacerbated the need for remote access to CPS. The most common connection method, selected by 36% of respondents, is a virtual private network (VPN), which lacks CPS-specific security controls.
82% of respondents said at least one cyber attack – and nearly half (45%) said five or more attacks – in the past 12 months originated from third-party supplier access to the CPS environment. And yet, almost two-thirds (63%) admit to having only partial or no understanding of third-party connectivity to the CPS environment.
Respondents expressed growing confidence in their organization’s risk reduction efforts, indicating a growing maturity around the defense of CPS environments and a deeper understanding of their impact on critical infrastructure.
Most respondents (56%) have greater confidence in the ability of their organization’s CPS to withstand cyber attacks today versus 12 months ago. Additionally, 72% expect to see quantifiable improvements in their CPS security in the next 12 months.
Overall, the survey results highlighted the significant financial and business impact of cyber attacks affecting CPS. These results make it abundantly clear that reducing risks to cyber-physical systems must become a top priority for cybersecurity leaders. However, as advanced attackers and criminal entities increasingly target CPS, industrial and healthcare organizations must continue to evolve from an IT security management approach to a CPS-specific approach.
According to Grant Geyer, Chief Strategy Officer at Claroty, “To evolve from this reactionary process to a proactive one that will decrease losses, we also found that organizations are shifting their thinking—they are starting to consider it core to delivering on an organization’s mission. The insights from this report validate that not investing in the very unique challenge of protecting CPS can lead to a serious hit to the organization’s bottom line and that, thankfully, organizations are beginning to see the payoff of making that investment.”
As the study reveals, reducing risks to CPS must be a priority for any cybersecurity leader given the ramped-up connectivity of industrial control systems, smart devices and systems, and connected medical devices. To combat these challenges and maintain the availability of production and services, organizations should focus on the following areas:
Establish a comprehensive asset inventory
Implement strong exposure management strategies
Secure remote access to critical technology and infrastructure
Apply network protections to prevent lateral movement
Enact strong threat detection capabilities
To access the full set of findings and analysis, download the Global State of CPS Security Study 2024 here.