
State of Ransomware in Manufacturing and Production in 2024 – Sophos News

Sophos’ latest annual study of manufacturing and production organizations’ real experiences with ransomware examines the entire victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report includes new areas of research for the industry, including analysis of ransom demands and ransom payments. Additionally, it sheds light for the first time on the role of law enforcement in remediating ransomware.

Download the report for full results.

Both attack rates and data recovery costs have increased

65% of manufacturing and production organizations reported being victims of ransomware in the last year. This is a noticeable increase compared to the previous two years (56% in 2023 and 55% in 2022) and an increase of 41% from 2020.

93% of manufacturing organizations that fell victim to ransomware last year said cybercriminals tried to compromise their backups during the attack. Of these attempts to compromise backups, 53% were successful.

Additionally, three out of four ransomware attacks on manufacturing organizations (74%) resulted in data being encrypted, the highest encryption rate for the sector over the past five years. This rate is also higher than the 2024 cross-sector average of 70%.

In 2024, manufacturing organizations reported that the average cost to recover from a ransomware attack was $1.67 million, an increase from the $1.08 million reported in 2023.

Devices affected by a ransomware attack

On average, 44% of computers in manufacturing and production facilities are affected by a ransomware attack. Having the entire environment encrypted is extremely rare: only 4% of organizations report that 91% or more of their devices were impacted.

Six out of ten victims now pay the ransom

While 58% of manufacturing and production organizations restored encrypted data using backups, 62% paid a ransom to recover their data. The percentage of manufacturing organizations that paid the ransom has almost doubled compared to our survey in 2023, when the sector recorded one of the lowest ransom payment rates (34%) across all sectors.

A notable change over the past year is the increase in victims' willingness to use more than one method to recover encrypted data (e.g. paying the ransom and using backups). This time around, almost half of manufacturing organizations (45%) that had data encrypted reported using more than one method, more than double the rate in 2023 (19%).

Ransom payments have increased, but victims rarely pay the amount demanded

157 manufacturing industry respondents whose organizations paid the ransom shared the amount actually paid, revealing that the average (median) payment increased 167% over the past year, from $450,000 to $1.2 million.

Although the ransom amount increased, only 27% of manufacturing and production victims said their payment matched the original demand. 65% paid less than the original demand, and only 8% paid more.

Download the full report for more information on ransom payments and many other areas.

About the survey

The report is based on the results of an independent, vendor-neutral survey commissioned by Sophos of 5,000 IT/cybersecurity leaders in 14 countries in the Americas, EMEA and Asia Pacific, including 585 in the manufacturing sector. All respondents represent organizations employing between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year.