The 2023 State of Operational Technology and Cybersecurity Report published on Wednesday by Fortinet shows a drop in the number of intrusions at OT organizations.
The report is based on a survey of 570 OT professionals, representing the manufacturing, transportation, healthcare, oil and gas, energy, chemical, and water sectors in countries such as the US, Canada, Australia, Brazil, Mexico, the UK, France, Germany, Japan, India, South Africa, and Egypt. A vast majority of the respondents are regularly involved in cybersecurity purchase decisions.
The survey found that the number of OT organizations that did not suffer a breach has increased to 25%, from 6% in the previous year. The decrease in the number of incidents is driven by a drop from 29% to 12% in insider breaches. The percentage has remained roughly the same for most types of incidents, except for malware and phishing.
The number of intrusions that affected both IT and OT systems increased from 21% in 2022 to 32% in 2023. On the other hand, incidents impacting only OT environments have dropped from 40% to 17%.
Many organizations are concerned about ransomware attacks. While these types of attacks typically target the IT or enterprise network, they can directly or indirectly impact production as well.
The survey also found that CISOs are increasingly responsible for OT cybersecurity. In 95% of cases, the CISO is or will soon be responsible for OT security, up from 88% in the previous year.
“The data also shows that OT security professionals are coming from the ranks of the IT team rather than those with product management work experience. As a result, and as the survey data indicates, the C-suite and traditional security leaders, especially the CISO/CSO, are becoming more involved and invested in cybersecurity decision-making,” Fortinet said in its report.
The report also shows that fewer organizations are highly confident in their OT security posture, but that’s not necessarily a bad thing.
“Globally, fewer companies characterize their OT security posture as highly mature this year, down from 21% in 2022 to 13% this year. At the same time, 44% of organizations now characterize their OT cybersecurity posture maturity at Level 3, up from 35% a year ago. This data indicates that this year’s respondents may have a more realistic self-assessment of their OT cybersecurity capabilities,” Fortinet explained.
Fortinet’s report, available in PDF format, also contains information on the types of OT security solutions used by organizations, as well as tips and recommendations.
Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
October 23-26, 2023 | Atlanta
Related: New Data Sharing Platform Serves as Early Warning System for OT Security Threats
Related: Waterfall Security, TXOne Networks Launch New OT Security Appliances