Report Shows AEC Firms Face Greater Risk of Ransomware

The AEC industry is very familiar with good risk management. Whether it is managing safety risk, financial risk, legal risk, or project risk, AEC firms are adept at identifying, prioritizing and mitigating risk.  

Today, the risk of ransomware seems high, with a steady stream of news stories about the latest company to fall victim to an attack. But is it high for everyone in every industry? Being that risk is the combination of probability and impact, what is the likelihood AEC firms will become victims of successful ransomware attacks?

That is what we set out to determine when we initiated our Egnyte’s inaugural State of Ransomware Report for Architecture, Engineering and Construction. Our goal was to look at our entire AEC client base of over 2,700 customers and determine the probability and impact of ransomware attack compared to our other clients. Here is what we found:

  • AEC companies were more than twice as likely as other customers in the sample to be the target of ransomware (Note: Egnyte customers are successfully attacked at a rate of 1.16% of accounts, which is a much lower rate than the industry average of 13.2%)
  • Companies with over 1,000 employees were at the highest risk of attack
  • The overwhelming majority of attacks were against companies in North America
  • More than 31% of the companies that were victims of ransomware were successfully attacked at least once more within a 16-month period, and a small number were attacked more than twice

With the AEC industry being more than twice as likely to fall victim to a successful ransomware attack than our all-industry average, the risk probability is high. But what about the impact?  

A good way to measure impact is to evaluate cost and lost project time, both critical in the AEC industry. In order to get a good baseline, we looked at statistics from sources outside our client base that included all industries, not just AEC. According to Coveware, the average ransom paid in Q1 2021 was $220,298, up 40% from Q4 2020. (Note: no Egnyte account has ever paid a ransom for the recovery of Egnyte managed content.) As for lost project time, the same report found the average incident duration—including the time to resolve data exfiltration incidents and technical challenges from corrupted data—was 23 days.  

Clearly, the impact of ransomware is high. There aren’t many AEC firms that can afford that much ransom or a 23-day stoppage of operations—though Egnyte’s average recovery rate is approximately 70% shorter.  

Good risk management is about trade-offs: which risks can’t be tolerated, which can be mitigated, and which can be accepted? Given the stakes, it’s likely time to reevaluate your firm’s ransomware risk.

If you want to learn more, download a full version of Egnyte’s State of Ransomware Report for Architecture, Engineering and Construction and read our blog, "3 Steps Construction & Engineering Companies Should Take to Prevent Ransomware."

Get started with Egnyte today

Explore the best secure platform for business-critical content across clouds, apps, and devices.

Share this article
Author
Chris Schmitt

View All Posts
Don’t miss an update

Subscribe today to our newsletter to get all the updates right in your inbox.

By submitting this form, you are acknowledging that you have read and understand Egnyte's Privacy Policy

Thank you for your subscription!

Welcome to
Egnyte Blog

Product and Company Updates
Customer and Partner Updates
Life at Egnyte
Industry Insights
Contact Support