As Financial Losses Mount and Cyber Insurance
Premiums Increase, Security Pros are Expected to Adopt Technology
Like Generative AI in OT Environments While Meeting New Regulatory
Standards
NEW
YORK, Dec. 6, 2023
/PRNewswire/ -- Claroty, the cyber-physical systems
protection company, today released new research showing that 75% of
respondents reported being targeted by ransomware in the past year.
The report, "The Global State of Industrial Cybersecurity
2023: New Technologies, Persistent Threats, and Maturing Defenses,"
is based on a global independent survey of 1,100 information
technology (IT) and operational technology (OT) security
professionals who work in critical infrastructure sectors,
exploring industry challenges faced in the past year, their impact
on OT security programs, and priorities moving forward.
The study shows that, when it comes to ransomware attacks, the
impact on OT environments is catching up to the impact on IT
environments. In Claroty's previous survey conducted in 2021, 32%
of ransomware attacks impacted IT only, while 27% impacted
both IT and OT. Today, 21% impact IT only, while 37% impact
both IT and OT – a significant 10% jump for the latter in just two
years. This trend speaks to the expanding attack surface area and
risk of operational disruption that comes with IT/OT
convergence.
On top of the growing operational impact of ransomware, the
staggering financial impact persists. Of the 75% of respondents
whose organizations were targeted by ransomware attacks in the past
year, 69% paid the ransom, and more than half (54%) of those who
paid the ransom suffered financial ramifications of $100,000 USD or more. As a likely result, demand
for cyber insurance is high among respondents. A large majority
(80%) of organizations have cyber insurance policies and about half
(49%) have opted for policies with coverage of half a million
dollars or more.
The pressure of combating increased threats as well as financial
loss comes as new technologies are being integrated into OT
environments. For example, 61% of respondents are currently
utilizing security tools that leverage generative AI and an
alarming 47% say that it raises their security concerns.
In light of these challenges brought on by combating ransomware
and integrating new technology, governments have recognized the
need for industry regulations and standards, which are now driving
OT security priorities and investments. 45% of respondents say that
TSA Security Directives have had the most significant impact on
their organization's security priorities and investments, followed
by CDM DEFEND (39%) and ISA/IEC-62443 (37%).
"Our study shows that there is clearly no shortage of challenges
facing OT security professionals, but we also found tremendous room
for opportunity and appetite to mature security posture across
industrial environments," said Yaniv
Vardi, CEO at Claroty. "Organizations are already working to
bolster their risk assessment, vulnerability management and network
segmentation practices, in order to be highly proactive in their
defense of cyber-physical systems."
While implementing generative AI may be giving some pause,
progress and advancements are being made to close gaps in processes
and technology:
● Network Segmentation: 77% describe
their approach to network segmentation as "moderate" or "mature,"
which is essential for restricting the lateral movement of
cyberattacks through the network, including from IT to OT.
● Vulnerability & Risk Management: 78% described
their approach to identifying vulnerabilities as "moderately" or
"highly" proactive, a notable increase from 66% in 2021. However,
the pace of vulnerability disclosures and patch releases are
outpacing organizations' ability to address them; as a result,
organizations are exploring a variety of risk scoring methods to
help prioritize. The most popular methods are the Common
Vulnerability Scoring System (CVSS), used by 52% of global
respondents, followed by existing security solutions' risk scores
(49%), the Exploit Prediction Scoring System (EPSS) (46%), and the
Known Exploited Vulnerabilities (KEV) Catalog (45%).
● Future Initiatives: The top OT security initiatives
that respondents plan to implement in the next year are risk
assessment (selected by 43% of respondents), followed closely by
asset, change, and/or lifecycle management (40%) and vulnerability
management (39%).
To access the full set of findings and analysis, download "The
Global State of Industrial Cybersecurity 2023: New Technologies,
Persistent Threats, and Maturing Defenses" here.
Methodology
Claroty contracted with Pollfish to
conduct a survey of 1,100 information technology (IT) and
operational technology (OT) security professionals in North America (500), Latin America (100), EMEA (250), and
Asia-Pacific (250). Only
individuals who work full time in IT security, OT security, or as
an OT engineer/operator completed the survey, for a total of 1,100
respondents. More than a dozen industries are represented including
Automotive, Chemical, Electric Utilities, Food & Beverage, Oil
& Gas, Pharmaceutical & Biotechnology, Transportation,
Water & Waste, Consumer Products, Mining & Materials, IT
Hardware, and Forestry, Pulp & Paper. The survey was completed
in November 2023.
About Claroty
Claroty empowers organizations to secure
cyber-physical systems across industrial, healthcare, commercial,
and public sector environments: the Extended Internet of Things
(XIoT). The company's unified platform integrates with customers'
existing infrastructure to provide a full range of controls for
visibility, risk and vulnerability management, threat detection,
and secure remote access. Backed by the world's largest investment
firms and industrial automation vendors, Claroty is deployed by
hundreds of organizations at thousands of sites globally. The
company is headquartered in New York
City and has a presence in Europe, Asia-Pacific, and Latin America. To learn more, visit
claroty.com.
View original content to download
multimedia:https://www.prnewswire.com/news-releases/75-of-the-industrial-sector-experienced-a-ransomware-attack-in-the-past-year-claroty-study-finds-302007202.html
SOURCE Claroty