SecurityWeek

Security Incidents Can Cost Industrial Firms $500K Per Year: Kaspersky

While a majority of industrial companies claim they are well prepared to handle a cyber security incident, many have admitted experiencing at least one incident in the past 12 months, and the annual cost can be as high as half a million dollars, according to a new report from Kaspersky Lab.

The security firm has conducted a survey of 359 industrial cybersecurity practitioners across 21 countries, mainly from the manufacturing, construction and engineering, and oil and gas sectors.

A majority of the respondents (83%) said they were prepared to deal with cybersecurity incidents within their industrial control systems (ICS) environment, and 86 percent claimed they had a dedicated policy or program in place.

However, half of them have experienced between one and five security incidents in the past year, and one percent claimed they were hit as many as 25 times.

The main concern for many organizations is conventional malware infections, which also accounted for the highest percentage of actual incidents. Other areas of concern include threats from third parties, sabotage or other damage caused from the outside, ransomware, and targeted attacks. Many are also concerned about the impact of employee errors or unintentional actions, and sabotage or intentional damage from the inside.

[Image: ICS cybersecurity incidents]

The companies surveyed by Kaspersky said they spent a lot of money dealing with cybersecurity incidents. The average financial loss was roughly $347,000 per year, but organizations with more than 500 employees claimed they had spent nearly $500,000. These costs include the bill for addressing the consequences of the incident, software upgrades, staff and training.

As for the ICS security measures taken by organizations, two-thirds of respondents said they rely on anti-malware solutions and security awareness training. Roughly half of companies also leverage intrusion detection and prevention systems, security audits, unidirectional gateways, vulnerability scanning and patch management, asset identification and management, and anomaly detection.

Kaspersky pointed out that the move away from traditional air-gapping towards more advanced security technologies is a good sign.

The report shows that the main challenges of managing ICS cyber security are related to finding employees with the right skillset and finding reliable partners for implementing security solutions.

Kaspersky’s “The State of Industrial Cybersecurity 2017” report is available for download in PDF format.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
