Bridewell: Ransomware Hit 62% of Critical Infrastructure Groups

According to new data from Bridewell, approximately 62 percent of critical infrastructure organizations have experienced a ransomware attack in the past 12 months, with data theft and loss among the most serious hits. Additionally, phishing and malware attacks were widespread, with organizations on average facing 14 phishing and 11 malware campaigns.

Financial services organizations such as banks, investment banks, credit unions and payment services companies were most impacted, with 78 percent reporting an attack. Respondents in this sector reported an average of 28 incidents of unpatched vulnerabilities exploited, in addition to an average of 28 terrorist threats, 27 incidents of unauthorized device use and 23 malware strikes.

Research also revealed that responses to phishing attacks can take anywhere from 7.3 (federal government organizations) to 15.94 hours (financial services entities).

In light of these concerns, organizations are actively enhancing their cybersecurity measures, with 94 percent of organizations employing at least one AI-driven tool. This can include – but is not limited to – AI-enhanced endpoint protection, automated incident response and network behavior analysis. On average, 65 percent of organizations plan to increase IT security spend compared to last year.

Bridewell surveyed 519 employees responsible for cybersecurity at U.S. critical infrastructure organizations.

“Our research shows ransomware, phishing and malware remain highly potent, but are only part of the wide range of threats confronting U.S. critical infrastructure organizations,” said Chase Richardson, VP of consulting, Bridewell. “Organizations must invest to fortify their defenses against threats which are constantly mutating and increasingly involve AI. Yet they need to be sure they combine innovative technology with human expertise and tested methodologies so they can remain at the cutting-edge without compromising business as usual. Investment is vital to ensure the best possible protection for organizations critical to the US and its economy.”

For the full report, visit Cybersecurity in Critical Infrastructure Organizations: 2024 (bridewell.com).