A staggering 27% of organizations utilizing cyber-physical systems (CPS) reported financial losses exceeding $1 million in the past year due to cyberattacks, according to the latest research from Claroty, a company specializing in CPS security. The findings are part of "The Global State of CPS Security 2024: Business Impact of Disruptions," a report based on a survey of 1,100 professionals across sectors such as healthcare, manufacturing, and energy, which reveals the heavy toll that cybersecurity incidents are taking on critical infrastructure.
Ransomware: The Biggest Price Tag
One of the standout revelations from the survey is the impact of ransomware on CPS environments. Over half of the respondents (53%) admitted to paying ransoms over $500,000 to regain access to encrypted systems and files. The healthcare sector is particularly affected, with 78% of healthcare organizations reporting ransom payments of over $500,000. "The impacts from cyberattacks on asset-intensive organizations can be detrimental to operations," stated Grant Geyer, Chief Strategy Officer at Claroty. "It often requires a significant level of loss, like we saw in our study, to spur necessary cybersecurity investments."
Ransomware attacks aren't just costly—they also cause substantial operational disruptions. Nearly half of the surveyed organizations experienced at least 12 hours of operational downtime due to cyber incidents, and a third reported experiencing downtime of a full day or more. For environments where uptime is crucial, such as manufacturing plants or healthcare facilities, these disruptions represent not only lost productivity but also potential risks to human safety and service continuity.
Financial Losses Beyond Ransomware
The study indicates that CPS-enabled businesses face significant financial setbacks beyond ransom payments. The top contributors to financial losses were lost revenue (cited by 39% of respondents), recovery costs (35%), and employee overtime (33%). Many respondents described recovery from a cyberattack as taking a week or more, with 29% indicating it took over a month. These findings underscore the high stakes for organizations that depend on CPS for continuous operations and the potentially long recovery time following a cyber incident.
The Problem with Third-Party Access
The findings also show that third-party supplier access is a major vulnerability point for CPS environments. A significant 82% of respondents reported that at least one cyberattack—and nearly half reported five or more—originated from third-party access in the past year. Yet, worryingly, almost two-thirds of organizations admitted to having only partial or no understanding of how third parties connect to their CPS environment.
The issue of inadequate control over third-party access is a critical challenge for securing CPS. Whether it's a lack of visibility into suppliers' cybersecurity practices or inadequate contractual power to enforce security requirements, the vulnerability introduced by unmanaged third-party connections remains a significant risk. As Geyer added, "Not investing in the unique challenge of protecting CPS can lead to a serious hit to the organization’s bottom line".
Shifting to Proactive Security Strategies
Despite the dire consequences of recent attacks, the report reveals a growing sense of optimism among CPS professionals. A majority (56%) of respondents reported increased confidence in their CPS security capabilities compared to a year ago, and 72% expect to see quantifiable improvements in the coming 12 months. This optimism reflects a gradual shift from reactive security postures to more proactive approaches that address the unique demands of protecting CPS environments.
Organizations are beginning to recognize that cybersecurity is core to their mission, and investing in risk reduction is starting to pay off. Grant Geyer noted that "the insights from this report validate that organizations are beginning to see the payoff of making that investment," highlighting the evolving mindset towards integrating security as an essential component of business operations.
The Road Ahead: A Call for Comprehensive CPS Protection
Claroty's report serves as a wake-up call to asset-intensive sectors globally. As threats to critical infrastructure escalate, the stakes are not just financial—they involve human safety, data integrity, and even national security. Protecting CPS requires more than traditional IT defenses; it demands purpose-built solutions that can secure the convergence of operational technology (OT), IoT, and other connected systems.