Because Cybersecurity Stats Only Tell Half the Story

It's easy to get immune to new findings on ransomware and other attacks, until you look deeper.


Whether it's creating benchmarks, validating a hypothesis or creating a foundation from which to conduct further analysis, we sure do love our facts. Perhaps the most significant role these findings and figures can play in industrial cybersecurity is validating investments in new resources. This might entail educating or training staff, expanding security teams, purchasing better tools, or simply allocating more time and energy to basic, yet daunting tasks like inventorying OT assets.

The challenge presented by these data collections is that while they prove vital in establishing strategies and getting support for key initiatives, they only tell a portion of the story. So, responding to these findings on a surface-level basis, which happens more than we'd like to admit, will do nothing to lift organizations from their compromised positions.

This dynamic came to mind when reviewing a report from VikingCloud - 170 Cybersecurity Stats and Facts for 2025.

Now, don't get me wrong, there's a ton of great information here, and definitely worth your time. But to ensure we in the OT cybersecurity segment are using this and similar information to its greatest extent, we need to look beyond just the facts in understanding the topic, challenge or situation being presented.

Here are some examples from, again, a great report and tremendous resource, and the additional context needed when addressing these findings within your organization:

  • Report: Around 62 percent of ransomware victims in manufacturing pay the ransom demanded of them.
  • The Other Half of the Story: Having a response plan in place for ransomware attacks is just as important as taking steps to defend against them. No one wants to support criminals, but manufacturers continue to pay ransoms because they need to get production systems back to normal. Downtime is death in manufacturing. I've seen figures estimating the cost of downtime in a manufacturing plant running anywhere from $50,000 to $250,000/hour, depending on the size of the operation, product being made, and other environmental factors. Even if you fall on the low side of this figure, manufacturers are paying because they literally can't afford not to - and the hackers know it. Backing up data, shifting to non-connected assets, or other actions need to be considered, and response plans need to be prioritized if the rate of payment is going to come down and encourage hackers to investigate other targets.
  • Report: The average cost of a data breach in the manufacturing industry in 2024 was $5.56 million.
  • The Other Half: What is typically not part of these figures is the downtime we just discussed, reputational harm, or response measures such as employee training and internal tool investments. Increasing insurance levels to prepare for growing levels of extortion cannot be the only response. I see and hear about far too many manufacturers banking on their insurance policies to offset the costs of ransomware attacks. That is a dangerous and outdated practice that puts the long-term viability of the enterprise at risk. These escalating figures should prompt a desire to incorporate proactive measures focused on mitigating costs instead of just bracing for the impact of hacker demands.
  • Report: Backdoor attacks account for 28 percent of malicious actions against the manufacturing industry.
  • The Other Half: Initial responses to such stats often take the form of security audits focused on closing obvious avenues like unmonitored internet connections, vendor security concerns, and API calls. These are all valid, but far from enough. To stop these types of attacks, additional strategies need to be investigated. This means looking into the validity and need of all your connections - both internally and externally - and determining not only if they're secure, but if they're necessary in the first place. These backdoor attacks are also prominent because of the largest vulnerability in the industrial sector - our people. The use of outdated or overly simple passwords, susceptibility to phishing attacks and other social engineering schemes, as well as developing work-arounds to two-factor authentication or similar strategies, allow workers to unintentionally place their company and all of its proprietary, financial and personal data at risk. Cybersecurity training, in the form of desktop exercises, practice ranges or practical exercises, will be essential in closing these backdoors.

The industrial cybersecurity landscape grows by the hour. And just as this operating environment becomes more and more complex, so do the bad actors looking to steal, extort and manipulate your data and assets. So when examining all the wonderful data being made available, just make sure your mitigation strategies address the whole story.
