Rege, A. (2021). “Critical Infrastructure Ransomware Incident Dataset”. Version 11.3. Temple University. https://sites.temple.edu/care/ci-rw-attacks/ • Critical infrastructure sectors are labelled according to definitions of the US Cybersecurity and Infrastructure Security Agency (CISA). * As of July 2021.
According to Temple University’s Cybersecurity in Application, Research & Education Laboratory, ransomware attacks on critical infrastructure are on the rise, with about 75% of recorded incidents since 2013 having taken place in the last 18 months. The increasing frequency and severity of ransomware attacks are reflected by the steady increase in cyber insurance prices.
Threat actors can target critical infrastructure with geopolitical or financial motivations. They are well aware of the potential knock-on impacts on businesses and economies, as these attacks can cripple unprepared organizations by halting operations for extended periods.
A failure to prevent or respond to ransomware incidents can lead to reputational and liability risks, with lasting impacts on trust dynamics between infrastructure operators and key stakeholders such as governments, investors and consumers. These trust implications are further discussed in Built to Last: Infrastructure and Trust In A Changing World, a new report from Marsh McLennan.