One survey highlights the industry’s high level of IT/OT convergence but low level of matching cyber defense urgency

In a Jan/Feb 2022 survey of ransomware trends across 5,600 IT professionals in mid-sized organizations in 31 countries, including a small percent (419 respondents) from the manufacturing and production sector (MAP), the latter industry collectively paid out the highest ransoms—US$2,036,189 versus the average of US$812,360,

While MAP had the highest average ransom payments in the survey, the percentage of organizations that actually paid the ransom was among the lowest across sectors (33% versus 46% for the cross-sector average).

In addition, 66% of MAP organizations surveyed reported an increase in the complexity of cyberattacks, and 61% reported an increase in the volume of cyberattacks when compared to a similar survey in the previous year.

The increase in complexity and volume was also 7% and 4% higher, respectively, than the cross-sector average found in the survey population.

According to John Shier, Senior Security Advisor, Sophos, which commissioned the survey: “Manufacturing is an attractive sector to target for cybercriminals due to the privileged position it occupies in the supply chain. Outdated infrastructure and lack of visibility into the OT environment provide attackers with an easy way in, and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment.”