Key Findings
Organizations with OT environments underestimate the risk of a cyberattack
Fifty-six percent of all respondents are highly confident that their organization will not experience an OT breach in the next year, yet 83% said they had at least one OT security breach in the prior 36 months. Seventy-one percent of utilities respondents are highly confident they will not experience a breach in the next year, yet 87% said they had at least one OT security breach in the prior thirty-six months.
Apathy is a cybersecurity risk
Forty percent of all respondents said that OT is an afterthought to other digital initiatives.
Maintaining compliance is a top concern
Maintaining compliance with regulations and requirements was the most common top concern of all respondents.
Network complexity increases OT risk
Seventy-eight percent of all respondents said that complexity due to multivendor technologies is a challenge in securing their OT environment. Almost half of CISOs and CIOs said that disjointed architecture across IT and OT pose the greatest security risk in their OT environment.
Functional silos lead to fragmented security approaches
Architects, Engineers, CIOs, CISOs, and Plant Managers agree that functional silos are a top challenge they face in securing OT infrastructure. Over one-third of all respondents said that a top barrier to improving security programs is a lack of central oversight due to decisions made in individual business units.
Third party risk abounds
Forty percent of all respondents said that supply chain/third party access to the network is one of the top three highest security risks. Yet, less than half said their organization as a third-party access policy that applied to OT.
Need to remediate without causing downtime
Seventy-three percent of all respondents said that reliance on manual or ad-hoc scans is challenging. Almost half of CISOs and CIOs said the inability to conduct necessary path analysis across their network to understand exposure is a top security risk to their OT environment. Nearly half of IT Directors/ Managers are concerned about maintaining uptime and availability when implementing remediation solutions.