SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Australian firms lost over USD $1m in CPS cyber attacks

Thu, 3rd Oct 2024

Claroty has published new research highlighting the substantial business impacts of cyber attacks on cyber-physical systems (CPS) within Australian organisations.

According to the study, one in five organisations reported financial losses exceeding USD $1 million due to these attacks over the past year.

The report, titled "The Global State of CPS Security 2024: Business Impact of Disruptions," draws on a global survey of 1,100 professionals from various sectors, including infosecurity and operational technology. It reveals that 22% of organisations in the Australia and New Zealand (ANZ) region have faced significant financial repercussions due to cyber attacks on their CPS environments.

Ransomware attacks have been particularly costly for these organisations, with 75% of ANZ respondents stating that they met ransom demands exceeding USD $500,000 to regain access to encrypted systems and data. The healthcare sector appears to be particularly affected globally, as 78% of respondents in the sector reported paying ransoms surpassing USD $500,000.

Operational disruptions were also significant, with over 25% of organisations experiencing a full day or more of downtime, which impacted their ability to provide goods or services. Additionally, 40% of respondents indicated that the recovery process took a week or more, while 18% reported that recovery took over a month. Such disruptions are critical in CPS environments, where availability and uptime are paramount.

Cyber attacks in the ANZ region frequently originated from third-party supplier access, with 93% of surveyed organisations experiencing at least one attack through this vector, and nearly half (47%) facing five or more such attacks. Despite these incidents, a majority (58%) of organisations acknowledged having only limited understanding of the connectivity framework between their CPS and third-party systems.

Leon Poggioli, ANZ Regional Director at Claroty, commented on the findings, saying, "Australian organisations across a range of different verticals are reporting similar risks to their CPS networks, particularly regarding the remote locations of some of these networks which can make them difficult to access." He emphasised the importance of maintaining an accurate inventory of all CPS assets and understanding the associated risks, noting that this is increasingly being mandated through legislative changes and industry standards.

Grant Geyer, Chief Strategy Officer at Claroty, highlighted the need for organisations to transition from a reactive to a proactive cybersecurity posture. "The impacts from cyber attacks on asset-intensive organisations can be detrimental to operations, and, in reality, often require the level of loss like we saw in our study to make the necessary cybersecurity investments." He noted that organisations are beginning to view security as central to accomplishing their mission, as opposed to an ancillary expense.

Despite the challenges faced, there is growing confidence among ANZ organisations in their ability to withstand cyber threats. The survey indicates that 73% of respondents now have greater confidence in their CPS security compared to the previous year. Furthermore, there is widespread optimism about future improvements, with all respondents expecting to see quantifiable advancements in the coming year.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X