Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption

This independent, global survey of 1,100 information technology (IT) and operational technology (OT) security professionals who work full time for enterprises that own, operate, or otherwise support components of critical infrastructure, explores how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.

Key findings include:

Ransomware is rampant and payments are prevalent

• A staggering 80% of respondents experienced an attack, with 47% reporting an impact to their OT/industrial control system (ICS) environment.
• More than 60% paid the ransom and just over half (52%) paid $500,000 USD or more.
• More than 90% disclosed the incident to shareholders and/or authorities and 69% believe timely reporting should be mandatory.

Digital transformation, remote work, and staffing shortages persist

• Digital transformation continues to accelerate since the pandemic, and remote/hybrid work will continue at 73% of organizations.
• Nearly 90% are looking to hire, but 54% say it is hard to find enough qualified OT security candidates.

Governance and executive oversight show strong leadership

• More than half of the respondents say their organization’s C-suite and board are very involved in cybersecurity decision-making and oversight.
• More than 60% are centralizing OT and IT governance under the CISO – a recommended best practice.
  Gaps in processes and technology remain
• More than 65% rate their organization’s vulnerability management strategy as moderately to highly proactive, yet ransomware attacks are highly successful.
• Nearly 30% are sharing passwords, 57% employ usernames and passwords, and 44% use VPNs – all areas of opportunity to strengthen resilience.

Investments and priorities aimed at building resilience

• More than 80% of respondents report that both their IT and OT/ICS security budgets have increased.
• Implementing new technology solutions is the top cybersecurity priority, with the Oil & Gas and IT Hardware sectors leading the way, and training is second.