The Rising Cost of Ransomware Attacks on Critical Infrastructure
The costs of ransomware attacks on critical national infrastructure (CNI) firms have soared over the last year.
According to Sophos' newest numbers, which were revealed today, the typical ransom payment increased to $2.54 million, more than 41 times last year's total of $62,500. The mean payment for 2024 is considerably greater, at $3.225 million, representing a less dramatic 6-fold rise.
IT, technology, and telecoms were the least likely to pay large sums to hackers, with an average payment of $330,000, but lower education and federal government organizations reported the highest average payments of $6.6 million.
The figures are based solely on ransomware victims who were willing to reveal the specifics of their mistakes, thus they do not provide the full picture.
The Escalating Financial Burden
Only 86 of the 275 CNI organizations surveyed provided statistics on ransom payments. There's a significant risk that the results would be distorted if all of the CNI ransomware victims polled were completely upfront with their information.
Costs to recover from ransomware attacks have also increased dramatically since the researchers' findings last year, with some CNI industries' costs quadrupling to a median average of $3 million per event.
The Impact on Critical Infrastructure
According to the report, only one in every five people were able to recover in a week or less, down from 41 percent the previous year and 50 percent the year before that. The percentage of victims who take more than a month to recuperate has also increased to 55%, up from 36% last year.
Sophos stated in its analysis that this could be due to attacks getting more sophisticated and complicated, requiring more work from the IT team to effectively repair all of the damage caused by the crimes. However, the vendor's global field CTO, Chester Wisniewski, believes the industries should reevaluate their propensity to pay ransoms.
