Regulatory pressures around the globe are requiring CISOs and corporate boards to assume greater accountability for enterprise-wide cybersecurity, including operational technology (OT), industrial control systems (ICS) and Internet of Things (IoT) devices. In the U.S., the Securities and Exchange Commission now requires public companies to disclose information on “material” breaches and document their overall risk management, strategy and governance framework. Such regulatory pressure, coupled with rising cyber insurance costs and coverage restrictions, may be the forcing function needed for companies to adopt holistic strategies.
These are well-known challenges, however. CISOs are assuming responsibility for security domains they know little about and that require different tools and methods. Bringing OT and IoT security into the enterprise fold means CISOs must also overcome cultural silos between InfoSec and OT engineering teams that have impeded efforts to secure the expanding attack surface. Meanwhile, OT software and hardware vulnerabilities continue to increase, threat actors are harnessing AI in an effort to stay ahead of defenders, and the geopolitical climate is intensifying. In this report, we look at the trends affecting OT and IoT cybersecurity for the first five months of 2024 and what they mean for InfoSec executives and owners/operators of critical infrastructure.