Report: 20% of Defense Contractors at Risk for Ransomware Attack


The report measured the cybersecurity protocols undertaken by top defense contractors.

A report featuring some of the United States' top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone.

This data comes from Black Kite, a cybersecurity research firm. Report authors looked at defense contractors working in financial services, health care, manufacturing, critical infrastructure and business services, and evaluated each company on its cybersecurity protocols and procedures to determine an industrywide index grade across defense contractors.

The average score implies a safe level of risk management, and 54% of defense contractors are considered relatively safe from ransomware attacks. However, 43% of contractors were found to have old or dated cybersecurity systems, yielding a higher risk of cyberattacks.

“Cybercriminals are targeting critical infrastructure more than ever, with each attack having a stronger impact on our national security. The trends we’re seeing in our RSI findings are alarming,” Black Kite’s Chief Security Officer Bob Maley said in a press release. “When organizations maintain a continuous view of their cyber risk posture, they are armed with detailed information to protect their most critical assets and controls.”

The report also highlighted that certain industries, namely within the manufacturing sector, were particularly likely to be targeted by hackers. 

Authors also added that a low risk index score, which implies a company is safe from hackers, does not guarantee any immunity to ransomware. 

The report says that understanding supply chain risk and maintaining continuous vigilance over a company’s cybersecurity posture are critical to preventing hacks. It also advocates information sharing between public and private sector companies that experience cyberattacks, a pillar in the Biden administration’s battle to prevent large-scale ransomware attacks.

“The government will be responsible for setting the precedence for collaboration, with support from cyber-focused organizations that understand the points of concentrated risk in today's digital supply chains,” the report concludes.

Editor's note: This article was updated to clarify that this was a research report, not a survey.