Financial impact from severe OT events could top $300 billion

The global financial impact from catastrophic cyber events that disrupt operational technology could near $330 billion on an annual basis, according to a report that industrial cybersecurity firm Dragos and professional-services firm Marsh McLennan released on Tuesday.

The cost of business interruptions in such a scenario would exceed $172 billion, according to the report. Those estimated losses are based on a so-called 1-in-250-year tail event and factor in global supply-chain impacts and other related events. 

Dragos researchers say the indirect losses, including the impact from disrupting normal operations, are the concerns that many companies fail to account for. 

“We see OT companies investing the majority of their cybersecurity budget on IT networks,” said Mark Stacey, VP, risk and resilience solutions at Dragos, adding that companies often assume OT is functioning as normal when production is ongoing.

“The potential impact of business interruption (whether direct through adversary action or indirect to an abundance of caution) is often underestimated,” he says.

In comparison, the average annual global risk, including business interruption claims, is $12.7 billion, and the average global aggregated risk over the next 12 months is $31 billion.

The financial analysis is based on 10 years of breach and insurance-claims data from Marsh McLennan’s Cyber Risk Intelligence Center. 

The report provides insights into the risks facing operational technology, which has experienced an increase in attacks in recent years. Manufacturing and other critical infrastructure sectors are increasingly dependent on connected technologies, including the need for remote-access tools that are often connected to the internet.

The report highlights how specific defense strategies can reduce overall risk. The three OT security controls most associated with risk reduction were maintaining a comprehensive incident-response plan, using defensible architecture and performing continuous monitoring to preserve visibility into a network.

In recent months, companies have reported significant financial losses from cyberattacks that affected their supply chains or their ability to conduct online transactions. 

British department store chain Marks & Spencer took a $400 million hit after a social-engineering attack linked to the Scattered Spider cybercrime group. The company on Monday confirmed that it had restored its online ordering service, months after the April cyberattack. 

United Natural Foods, the distributor for retailers including Amazon’s Whole Foods chain, said last month that a cyberattack also linked to Scattered Spider would cost the company at least $350 million in sales.

