Security Experts:

Connect with us

Hi, what are you looking for?



Industrial Firms Slow to Adopt Cybersecurity Measures: Honeywell

Industrial companies are slow to adopt cyber security capabilities and technology to protect their data and operations, according to a report released on Wednesday by industrial giant Honeywell.

Industrial companies are slow to adopt cyber security capabilities and technology to protect their data and operations, according to a report released on Wednesday by industrial giant Honeywell.

A survey of 130 strategic decision makers from around the world revealed that more than half of industrial organizations have suffered a cybersecurity incident, including ones involving removable media, denial-of-service (DoS) attacks, malware, hackers breaking into plant IT systems, state-sponsored attacks, and direct attacks on control systems.

However, the study found that organizations underinvest in cybersecurity best practices in terms of people, processes and technology – three elements that need to work in harmony for an organizational culture that takes security seriously, Honeywell said.

Forty percent of respondents said they do have a cybersecurity chief in their organization and 15 percent plan on creating the role in the future. When it comes to having someone in charge of cybersecurity for manufacturing, only 35 percent of firms surveyed by Honeywell said they have someone in this role.

As for cybersecurity processes, nearly half of organizations have an enterprise- and plant-wide IT account management policy, and 22 percent plan on implementing one within the next year. A similar percentage also has or plans on having a definitive list of connections to the plant and what data flows through them.

Only one-third of respondents said they continually monitor their systems for suspicious activity and one quarter claim they plan on implementing such measures within a year. On the other hand, roughly 70 percent of organizations conduct risk assessments at least once a year, and more than 60 percent test their firewalls at least yearly.

When it comes to adoption of cybersecurity technologies, the Honeywell study shows that many organizations still have a long way to go. A majority of companies only have a firewall between plant and business systems, and only less than one-third have implemented proper access control and authentication measures for devices in the plant.

Security measures implemented by industrial companies

While the industrial sector is typically slower to adopt new technologies compared to other sectors, many organizations either already have an initiative for digital transformation or they plan on having one within a year. As companies move towards the adoption of the Industrial Internet of Things (IIoT), the main technology pitfall is cyber security, Honeywell said.

The company has advised organizations to ensure that cybersecurity is on the CEO’s agenda. Security needs to be part of the digital transformation strategy, and organizations must focus on adopting best practices.

Honeywell’s complete report, titled “Putting Industrial Cyber Security at the Top of the CEO Agenda,” is available for download in PDF format.

Related: Non-Targeted Malware Hits 3,000 Industrial Sites a Year

Related: One-Third of Industrial Networks Connected to Internet

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...