Respondents say paying ransom is cheaper than – or costs the same as – lost revenue.

A new survey from industrial cybersecurity firm Claroty reveals that a “staggering” 80% of respondents have been victims of ransomware attacks.

The report, ‘The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption,’ states that about half (47%) said it impacted their industrial control systems (ICS) and operational technology (OT).

More than 90% disclosed the incident to shareholders or authorities, and about half (49%) described the impact as “substantial or significant.”

Of the victims, 60% opted to pay the ransom and just over half (52%) paid $500,000 or more. Most of the respondents believed that it would be cheaper – or at least cost the same – to pay the ransom than lose revenue per hour of operational downtime.

And for those that paid the ransom, 28% still experienced substantial impact to operations for more than a week.

“Our research shows that critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there’s also a growing collective interest and desire in protecting our most essential systems,” said Yaniv Vardi, CEO of Claroty, in a statement.

The survey was conducted in September 2021 globally among 1,100 IT and OT security professionals in critical infrastructure roles across more than a dozen industries.

Lack of cybersecurity workers

The demand for digital transformation at enterprises and lack of skilled cybersecurity workers are giving hackers an opportunity to attack critical infrastructure.

Seeing this problem, C-suite executives are getting more involved in cybersecurity matters. The survey said more than 60% are centralizing both OT and IT governance under the chief information security officer (CISO). Moreover, 62% support government regulations to require timely reporting of cybersecurity incidents that affect IT and OT systems.

With attacks increasing, more than 80% of respondents said their IT security budgets have increased since 2020. But the percentage is higher (close to 90%) in industries including IT hardware, oil and gas and electric energy.

Implementing new tech solutions is the top cybersecurity priority, with the oil and gas and IT hardware sectors leading the way; training is second.

New York-based Claroty’s clients include Coca-Cola, General Motors and Pfizer, according to Forbes . It has raised $640 million across five funding rounds, securing capital from the likes of SoftBank Vision Fund, Bessemer Ventures and 40 North Ventures.

Related stories:

Ransomware: The world's no. 1 cybersecurity threat

Cardiologist moonlights as ransomware mastermind

Ransomware deals death blow to historic U.S. college

'Robin Hood' ransomware forces victims to do good