Introducing Claroty xDome Secure Access:
Learn More
Claroty Toggle Search

Press Release

80% of Critical Infrastructure Organizations Experienced Ransomware Attacks Last Year

New report from Claroty highlights the cybersecurity challenges facing critical infrastructure organizations the past year, how they dealt with them, and their new priorities

NEW YORK – February 3, 2022 – Claroty, the security company for cyber-physical systems (CPS) across industrial, healthcare, and enterprise environments, today released a new report, revealing that 80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020. Titled "The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption," the report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.

Of the 80% of respondents who experienced a ransomware attack, 47% reported an impact to their industrial control system (ICS) environment and over 60% paid the ransom, more than half of which cost $500,000 or more. Additionally, the majority of respondents estimated a loss in revenue per hour of downtime to their operations equal to or greater than the payout. Even among those who did pay the ransom, 28% still experienced substantial impact to operations for more than a week. These findings suggest that, despite the well-known downsides of paying the ransom, the alternative (revenue loss due to prolonged operational downtime) is too costly for most victim organizations to justify.

The report also found that the combination of the ever-accelerating digital transformation and limited availability of skilled cybersecurity workers has resulted in several high-profile attacks on critical infrastructure. In response, many C-suite executives have become heavily involved in the decision-making and oversight of their organization's cybersecurity practices. In fact, more than 60% are centralizing both OT and IT governance under the CISO. In addition, 62% are supportive of government regulators enforcing mandatory and timely reporting of cybersecurity incidents that affect IT and OT/ICS systems.

Additional Key Findings and Analysis: 

  • Digital transformation, remote work, and staffing shortages persist: Digital transformation continues to accelerate since the start of the pandemic, as 73% of organizations plan to continue remote/hybrid work in some capacity. Nearly 90% of respondents are looking to hire more OT security staff, but 54% say it is hard to find qualified candidates.

  • Gaps in processes and technology remain: While more than 65% rate their organization's vulnerability management strategy as moderately to highly proactive, ransomware attacks are still highly successful. This could be due to the fact that nearly 30% are sharing passwords, 57% employ usernames and passwords, and only 44% use VPNs – all areas of opportunity to strengthen resilience in OT environments.

  • Investments and priorities aimed at building resilience: More than 80% of respondents report that both their IT and OT/ICS security budgets have increased since 2020. The number is close to 90% in industries including IT Hardware, Oil & Gas, and Electric Energy. Implementing new technology solutions is the top cybersecurity priority, with the Oil & Gas and IT Hardware sectors leading the way, and training is second.

"Our research shows that critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there's also a growing collective interest and desire in protecting our most essential systems," said Yaniv Vardi, CEO of Claroty. "Security leaders looking to take their programs to the next level must account for all cyber-physical systems in their risk governance practices, segmenting their IT and OT networks and assets, extending their general IT cybersecurity practices to their OT devices, and consistently monitoring for threats across all networks."

To access the full set of findings and analysis, download "The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption" report here.


Claroty contracted with Pollfish to conduct a survey of information technology (IT) and operational technology (OT) security professionals in the United States (500), Europe (300), and Asia-Pacific (300). Only individuals who work full time in IT security, OT/industrial control system (ICS) security, or as an OT/ICS engineer or operator completed the survey, for a total of 1,100 respondents. Slightly more than half (55%) of the organizations included have at least $1B in revenue. More than a dozen industries are represented including IT Hardware, Oil & Gas (including Pipelines), Consumer Products, Electric Energy, Pharmaceutical/Life Sciences/Medical Devices, Transportation, Agriculture/Food & Beverage, Heavy Industry, Water & Waste, and Automotive. The survey was completed in September 2021.

About Claroty

Claroty empowers organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). The company's unified platform integrates with customers' existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Backed by the world's largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America.

Interested in learning about Claroty's Cybersecurity Solutions?

LinkedIn Twitter YouTube Facebook