AEC Firms are Twice as Likely to Face Ransomware Attacks as Other Industries

More than 30% of architecture, engineering and construction companies that fall prey to successful cyberattacks are victims again one or more times, according to new research from Egnyte

Egnyte Ransomeware
Egnyte Inc.

Research by cloud-security provider Egnyte reveals that architecture, engineering and construction (AEC) firms are more than twice as likely to suffer ransomware attacks than all other industries analyzed in the study. And nearly a third (31%) of AEC companies that were victims of ransomware were attacked at least twice within a 16-month period. A small percentage were attacked even more frequently.

The FBI’s 2020 Internet Crime Report stated that the total number of reported ransomware incidents rose 21% in 2019 to 2,474.

Egnyte’sState of Ransomware Research Report for Architecture, Engineering and Construction’ – compiling insights from the experience of more than 2,700 Egnyte AEC Customers – also found that companies with more than 1,000 employees were at the highest risk of attack, with the overwhelming majority of ransomware attacks targeting North American companies. Egnyte notes that its customers are seeing a much lower incidence of attacks than publicly available sources.

Egnyte’s analysis uncovers several factors working against AEC firms that make them larger targets:

  • The very schedule-driven construction industry means delays due to lack of access to project files significantly impact costs, project timelines, and damage company brand reputations
  • A significant portion of AEC employees work remotely and many companies maintain a shared information environment with a range of outside contractors on job sites, which creates additional entry points for attackers to exploit.
  • Tight profit margins added to the factors above make AEC firms more likely to pay a ransom to get up and running more quickly than other industries.

“The threat of ransomware continues to rise as economic and technological factors make AEC firms prime targets for threat actors,” said Ronen Vengosh, vice president of AEC, Egnyte. “Firms need to invest in a holistic defense program which is a combination of the right prevention technologies, content governance, and user-education so they can mitigate potential attacks and avoid any business disruptions.”

To read more of the research's  findings and tips to protect your organization from ransomware, download a full copy of the report here