CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million: Survey

A report published on Wednesday by the Ponemon Institute and industrial cybersecurity firm Dragos shows that the average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million, and some companies reported costs of over $100 million.

A report published on Wednesday by the Ponemon Institute and industrial cybersecurity firm Dragos shows that the average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million, and some companies reported costs of over $100 million.

The report is based on data from a survey of 600 IT, IT security, and OT security practitioners conducted by the Ponemon Institute in the United States.

Twenty-nine percent of respondents admitted that their organization was hit by ransomware in the past two years, and more than half of them said they had paid an average ransom of more than $500,000. Some organizations reported paying more than $2 million.

ICS, OT ransomware payments

Nearly two-thirds of respondents said they experienced an ICS/OT cybersecurity incident in the past two years. The most common causes were negligent insiders, a maintenance-related issue, or IT security incidents “overflowing” to the OT network due to poor segmentation between IT and OT.

On average, it took organizations 170 days to detect an incident, 66 days to investigate it, and 80 days to remediate the incident. A calculation based on the total number of hours it would take a team of six people to detect, investigate, and remediate an incident showed a total labor cost of nearly $1 million. Adding roughly $2 million for downtime, legal costs, regulatory fines, and equipment replacement results in an average total cost of approximately $3 million.

Of the companies that confirmed suffering an incident, 1% said the total cost of the ICS/OT incident exceeded $100 million, and 2% reported costs between $10 million and $100 million. Overall, 13% of respondents said the incident had cost them more than $1 million.

Learn more about OT security at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

The report published by Dragos and Ponemon focuses on the “cultural divide” between IT and OT teams and its impact on their ability to secure both IT and OT environments.

Advertisement. Scroll to continue reading.

Half of respondents cited cultural differences between security, IT and engineers as the main challenge when it comes to collaboration between IT and OT teams. Technical differences and clear ownership of industrial cyber risk were also cited by over 40% of respondents.

Several other issues were identified by the survey:

  • C-level executives and the board are not regularly informed about the efficiency, effectiveness, and security of their ICS/OT cybersecurity program;
  • Many senior managers lack awareness of the risks and threats to OT environments, which results in inadequate resource allocation;
  • Reporting relationships and accountability for OT security are not properly structured and become deterrents to investing in OT and ICS cybersecurity;
  • The level of cybersecurity maturity for ICS/OT is inadequate in many organizations.

Related: Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light

Related: Over 90% of OT Organizations Experienced Cyber Incidents in Past Year: Report

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

SpecterOps has appointed Tim Bender as CFO, Pat Sheridan as CRO, and Bryce Hein as CMO.

CISA has officially announced the appointment of Madhu Gottumukkala as its new deputy director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.