Most Security Pros Prefer Enterprise Over Industrial Cybersecurity: Survey

A global survey of 1,000 security professionals commissioned by industrial cybersecurity company Claroty has revealed that over 70% would rather work in IT enterprise cybersecurity than industrial security.

The respondents of the survey represented the United States, United Kingdom, Germany, France, and Australia. Globally, over 75% of IT security pros said they prefer enterprise cybersecurity to industrial cybersecurity. In the US, more than 70% would rather protect enterprise networks.

“This is where it’s imperative that CISOs and IT security teams catch up on the importance of OT security, and how it absolutely does fall into their purview. It is essential to recognize that every company in the world relies on industrial networks. For nearly half of the Fortune 2000 – in industries including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage – these industrial networks are critical components to their business,” Claroty said in its report.

“The rest rely on these networks for basic needs like transportation, HVAC systems, lights, elevators, and data center infrastructure. These networks are essential and ubiquitous and, as demonstrated with past attacks, even though not considered part of ‘critical infrastructure’, collateral damage alone can cost companies billions of dollars,” it added.

The survey also shows that 65% of the global respondents and 57% in the US said they would rather deal with a massive data breach suffered by an organization than a major attack related to critical infrastructure.

Seventy-three percent of global respondents are more concerned about an attack on critical infrastructure than an enterprise breach.

Learn More About ICS Security at SecurityWeek’s 2020 ICS Cyber Security Conference

Seventy-five percent of respondents said they know the differences between IT and OT networks, and the same percentage believes they have the skills and experience required to protect OT networks.

Claroty believes comfort level is likely one of the reasons why most respondents would rather work in IT. However, the survey found that two-thirds of experts believe there is more pressure in IT than in industrial security.

Sixty percent of security pros believe their country’s critical infrastructure is properly protected against attacks — in Australia and Germany over 90% believe so, while in the US only 45% think critical infrastructure is not vulnerable to attacks. A vast majority believe that it’s the government’s responsibility to ensure that critical infrastructure is protected.

When asked to make predictions for 2020, 43% of respondents said unauthorized network access will be the most prevalent in the case of industrial networks, followed by ransomware at 33%.

Both globally and in the US, 45% believe the electric power sector is the most vulnerable to attacks, followed by oil and gas, transportation, and chemical.

Related: Some ICS Security Incidents Resulted in Injury, Loss of Life

Related: Upstream Oil and Gas Companies Boosted Cybersecurity Spending in 2019

Related: Most OT Organizations Hit by Damaging Cyberattacks