Survey Results Reveal Resilience of Industrial Organizations in Face of Ongoing Disruptions

Critical infrastructure organizations dealt with unprecedented cybersecurity challenges in 2021 — and unfortunately, this trend has already continued into 2022. The recent cyberattacks against European oil port terminals are exacerbating existing concerns about fuel shortages at a time when energy prices are already soaring and the industry is still reeling from the aftermath of the Colonial Pipeline attack. Meanwhile, another recent cyberattack against KP Snacks has many anticipating a shortage of Hula Hoops, McCoy's and Tyrrells crisps, Butterkist, Skips, Nik Naks, KP Nuts, and other popular British snacks — similar to how the 2021 attack against JBS Foods led to widespread shortages of meat products globally.

Unfortunately, these are merely a few of the seemingly countless cyber attacks that have disrupted industrial operations, global supply chains, and ultimately the delivery of essential goods and services over the past year. On top of this, business leaders have continued to deal with the impact of COVID-19 while determining how to maintain efficient and secure operations.

To better understand how industrial organizations are navigating these uncharted waters, Claroty commissioned an independent global survey of 1,100 IT and OT security practitioners. The results are now available in our new report, The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption. Highlights include:

A trifecta of disruptions, with ransomware leading the way

• A staggering 80% of respondents experienced a ransomware attack in the past year, with 47% reporting an impact to their OT/Industrial control system (ICS) environment.

• More than 60% paid the ransom and just over half (52%) paid $500,000 USD or more.

• Digital transformation has continued to accelerate, and remote/hybrid work will continue at 73% of organizations.

Governance, executive oversight, and investment priorities aimed at strengthening resilience

• More than half of the respondents say their organization's C-suite and board are very involved in cybersecurity decision-making and oversight.

• More than 60% are centralizing OT and IT governance under the CISO – a recommended best practice.

• More than 80% of respondents report that both their IT and OT/ICS security budgets have increased and implementing new technology solutions is the top cybersecurity priority.

Remaining gaps in processes, technology, and staffing

• Nearly 30% are sharing passwords, 57% employ usernames and passwords, and 44% use VPNs – all areas of opportunity to strengthen resilience.

• Nearly 90% are looking to hire, but 54% say it is hard to find enough qualified OT security candidates.

For a region-by-region look at how organizations are grappling with a breadth of unprecedented issues, along with five recommendations for how to build resilience, download the report: The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption.