International cybersecurity company, Fortinet, has announced the findings from its global 2023 State of Operational Technology and Cybersecurity report.
In a statement, Fortinet explained that its report is based on data from an in-depth worldwide survey of 570 operational technology (OT) professionals, conducted by a third-party research company.
Survey respondents were from different locations around the world, including Argentina, Brazil, Colombia, Mexico, Canada, Australia, New Zealand, France, Germany, India, Japan, South Africa, United Kingdom, and United States, among others.
What’s more, respondents represented a range of industries that are heavy users of OT in respective manufacturing, transportation/logistics, healthcare/pharma, oil, gas, and refining, energy/utilities, chemical/petrochemical, and water/wastewater sectors.
Most of those surveyed, no matter their title, are deeply involved in cybersecurity purchase decisions. And these individuals increasingly have the final say in OT purchase decisions. This year’s survey found that 91 per cent of respondents are regularly involved in their organisation’s cybersecurity purchase decisions.
In addition to the latest trends and insights impacting OT organisations, the report also provides a roadmap to help IT and security teams better secure their environments.
Key findings from the global survey include:
- OT continues to be targeted by cybercriminals at a high rate: Three-fourths of OT organisations reported at least one intrusion in the last year. Intrusions from malware (56 per cent) and phishing (49 per cent) were once again the most common type of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32 per cent, unchanged from 2022). Latin America and the Caribbean have the most significant concerns about ransomware’s impact on OT environments; 63 per cent said ransomware represented the biggest impact in the last year.
- Cybersecurity practitioners overestimated their OT security maturity: In 2023, the number of respondents who consider their organisation’s OT security posture as “highly mature” fell to 13 per cent from 21 per cent the year before, suggesting growing awareness among OT professionals and more effective tools for self-assessing their organisations’ cybersecurity capabilities. Nearly one-third (32 per cent) of respondents indicated that both IT and OT systems were impacted by a cyberattack, up from only 21 per cent last year.
- The connected device explosion underscores complexity challenges for OT organisations: Nearly 80 per cent of respondents reported having greater than 100 IP-enabled OT devices in their OT environment, highlighting just how significant a challenge it is for security teams to secure an ever-expanding threat landscape. Survey findings revealed that cybersecurity solutions continue to aid in the success of most (76 per cent) OT professionals, particularly by improving efficiency (67 per cent) and flexibility (68 per cent). However, report data also indicates that solution sprawl makes it more difficult to consistently incorporate, employ, and enforce policies across an increasingly converged IT/OT landscape. And the problem compounds with aging systems, with the majority (74 per cent) of organisations reporting that the average age of ICS systems across their organisation are between six-and-10-years-old.
- Alignment of OT security under the CISO bodes well for the industry: While nearly every organisation faces an up-hill battle when it comes to finding qualified security practitioners due to the growing cybersecurity skills shortage, report findings suggest OT organisations are continuing to prioritise cybersecurity. A key indicator is that nearly every (95 per cent) organisation plans on placing the responsibility for OT cybersecurity under a chief information security officer (CISO) in the next 12 months rather than an operations executive or team.