Kaspersky has released the results of a new survey, conducted by ARC Advisory Group, on the state of cybersecurity of industrial control systems in 2019 and the related priorities, concerns and challenges. The study explores the status quo and the future development of industrial cyber-security. 282 industrial companies and organizations across the globe were surveyed online and 20 industry representatives were interviewed personally. The findings of the survey are presented in the report, The State of Industrial Cybersecuity 2019. The survey has been conducted annually since 2017.

Key findings

• More than 80% of the companies surveyed stated that ICS cybersecurity is a high priority. However, only 31% have implemented an incident response program, while 37% said they would implement one within the next 12 months.
• More than half (52%) of the companies surveyed are aware of the need to provide more resources for ICS cybersecurity. However, while funds are often budgeted for investment in endpoint protection or OT audits, a lack of experts remains a problem for the industry and resources are not being allocated to solve it.
• 41% of the companies surveyed stated that they had not experienced any cyber-incidents or security breaches in the last 12 months. This is lower than last year’s figure: 51% of the companies surveyed gave a similar response in 2018. While this appears to be a negative development, it is possible that some of the respondent companies were simply unable to identify all incidents in 2018.
• About 70% of the companies surveyed consider an attack on their ICS “very likely” or “quite likely”. Despite this, many have yet to define their own approach to implementing OT/ICS cybersecurity.
• In many cases, a company’s own workers pose a security threat. Their errors can lead to the disruption of industrial automation systems’ operation. This is partly due to the lack of awareness. Hence, almost half (48%) of the companies surveyed plan to spend more on training.

Source: Kaspersky