Ransomware Impacts Across Industries: 2020 Lookback

No one wants to hear “it’s an exciting time in cybersecurity”, but that’s certainly been the case in 2020. We covered a slew of sector-specific impacts in our #CybersecurityMonth webinar on Incident Response, and they’re worth touching on again as ransomware increasingly weaves its way into the fabric of data-driven commerce.

A common thread across sectors has been the ever-advancing integration and democratization of access, running up against the cold shower moment of a global pandemic. From workforces to vendors to customers, more users have their fingers on the proverbial buttons than ever before. In more normal times, that reality might have arrived with the commensurate ramp-up in training and security resources. In COVID times, it’s become a crash course… emphasis on crash.

To that end, a broader range of executives have unwittingly inherited accountability for those fingers — the security meetings once lightly attended by IT managers are now standing room only, with CxOs of all types leaning into the conversation. Operating in the nation where 57% of all ransomware attacks occur tends to have that effect on leadership teams.

Let’s review some of the most prominent ransomware industry impacts we experienced throughout 2020:

AgTech

We’ve seen a widening chasm between equipment manufacturers and farmers, as the reality sets in that farms are very much connected to global digital infrastructure, whether farmers like the sound of it or not. The right-to-repair debate here is a shining example of the scalding hot potato that is risk mitigation.

Logistics & Manufacturing

Logistics & manufacturing paid out 62% of all ransomware demands to cyber criminals in 2019 – so, when COVID ground this sector to a halt, a few companies tried their hand at plugging the leaks instead of paying out. The results this year haven’t proved promising, with businesses sometimes incurring nine-figure expenses to repair flawed security operations… while other organizations find themselves on the wrong side of a conversation with the U.S. Treasury, who decided in October that facilitating ransomware payments looks a lot like a sanctionable offense.

Healthcare

The Healthcare industry was already neck-deep in 2020’s operational stressors before cybersecurity concerns began piling up – but of course, the very nature of a successful cyber attack is that it succeeds when preparedness and responsiveness break down. 73% of hospitals and physician organizations admit they aren’t prepared to deal with such attacks — and while one can certainly appreciate that resourcing human life and wellness should take priority over cybersecurity budgets, we’ve seen growing evidence that a sterile digital environment is just as crucial to patient safety as a sterile operating room.

Given limited resources, what can these industries do right now to make 2021 a more manageable environment? Check out our CxO webinar on incident response for best practices in unpredictable times, or learn more about our suite of services managing cybersecurity strategy.