Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

The cost of dealing with a ransomware attack is skyrocketing for some industries

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted.".

The cost of recovering from ransomware attacks has quadrupled for organizations in  critical infrastructure industries, with the median recovery cost for such organizations hitting $3 million in 2024, a new report from Sophos has claimed.

Its survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industries claims the $3 million figure is four times higher than the global cross-section median.

 Furthermore, half (49%) of ransomware attacks against these two critical infrastructure sectors started with an exploited vulnerability, suggesting that the firms were sloppy when it comes to keeping hardware and software up to date.

Software and hardware flaws

“Criminals focus where they can cause the most pain and disruption so the public will demand quick resolutions, and they hope, ransom payments to restore services more quickly. This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption,” said Chester Wisniewski, global Field CTO.

Wisniewski also discussed the fact that many attacks started with a vulnerability, arguing that critical infrastructure firms are pushing older tech into contemporary MOs, without addressing risks: “There’s a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication,” he added. “Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities and the monitoring required for early detection and response.”

Besides growing recovery costs, the median ransom payment for organizations in these two sectors also jumped to more than $2.5 million in 2024, which is $500,000 higher than the global cross-sector median, Sophos further explained. 

The Energy and Water sectors reported the second highest rate of ransomware attacks, with two-thirds (67%) of the organizations in these sectors reported being hit this year 2024. The global, cross-sector average is 59%.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.