Industrial Businesses Know They Need More Cybersecurity; Don't Do Much About It

According to a recent survey by independent research organization Ponemon Institute and Unisys, industrial cybersecurity is a lot like diet and exercise. Most of us know we should do a lot more of it than we do—but we don't.   

The study, "Critical Infrastructure: Security Preparedness and Maturity," found big security gaps in the world's critical infrastructure organizations that could impact their ability to prevent devastating attacks to disrupt power generation and other critical functions. The study surveyed 599 global IT and IT security executives at utility, oil and gas, alternate energy and manufacturing organizations in 13 countries from April to May 2014. These industries have become high-risk targets for cybersecurity incidents.

According to the survey, only 17% of companies represented in the research self-reported that most of their IT security program activities are deployed. Fifty percent say either that their IT security activities haven't been defined or deployed (7%), or they've defined activities, but they're only partially deployed (43%). Only 28% of respondents agree that security is one of the top five strategic priorities across the enterprise. At the same time, 57% of respondents agree that cyber threats put industrial control systems and SCADA at greater risk. Ten percent more (67%) say their companies have had at least one security compromise that led to the loss of confidential information or disruption to operations over the past 12 months.

So what are companies waiting for?

Reasons cover everything from lack of knowledge about threat severity to worry about the cost-effectiveness of remedial efforts and the effect they might have on uptime. A full one-third of those surveyed reported they were unaware of the potential vulnerabilities in their ICS/SCADA environment, and another 19% said they were unsure about the degree of threat.

The perception that much of their corporate network is out of the control of those responsible for security is another factor. Sixty-eight percent said that up to a quarter of their network components, including third-party endpoints such as smartphones and home computers, are outside the direct control of their organization's security operations. Another 30% estimate that between one-quarter and three-quarters of their networks are out of their control.  

Finally, there's that "is-it-worth-it" factor. When asked whether they were confident they could upgrade legacy systems to improve security while maintaining operation functionality and cost-effectiveness, more than half said they were not very confident or unsure.

The complete report is available at


More News:

  • IDS Is Among the First Vision Manufacturers to Introduce USB 3.0 Camera With Sony IMX174

    Equipped with image sensors, this new IDS camera model delivers outstanding imaging performance previously unattainable by CMOS-based cameras in terms of high sensitivity, high dynamic range, low fixed pattern noise, and highly accurate color reproduction.

  • China Adopts EtherCAT as a National Technology Standard

    Chinese company representatives shared experiences about their numerous EtherCAT systems and applications with the audience and explained the benefits realized through implementation.

  • HART-Fieldbus Foundation Marriage Complete

    The final step in constructing a single organization to lead process automation communications and integration technologies was completed at the end of August when the members of both the HART Communication Foundation and Fieldbus Foundation approved the merger proposed by their respective boards.

  • Use of BYOD Spreads, But Holdouts Remain

    Manufacturing workers are jumping on the bring-your-own-device (BYOD) bandwagon,

  • ISA100 Wireless Standard Gains Final IEC Approval

    ANSI/ISA-100.11a-2011, "Wireless Systems for Industrial Automation: Process Control and Related Applications," has been unanimously approved by the IEC as an international standard

  • Mergers, Acquisitions & Alliances: Danfoss Makes Offer, Hardinge Acquires Assets, and Fanuc and Rockwell Collaborate

    Danfoss made a public tender offer for all shares of the Finnish ac drives company Vacon. Hardinge, international provider of advanced metal-cutting solutions, agreed to acquire the assets of the Voumard internal diameter (ID) grinding business from Peter Wolters GmbH in Rendsburg, Germany. Maverick Technologies, acquired CQS Innovation, a system integrator specializing in control and information systems for life sciences, chemical and metals industries.

  • Belden Advocates Ethernet, Security and Wireless

    The Internet of Things (IoT) and the industrial IoT will use increasingly intelligent network infrastructures, but this will create more risk and increase the need to protect those critical infrastructures and their data. That's why we're investing both organically and through acquisition in Ethernet, security and wireless—so we can help transform this interconnected world.

  • The Future Is Forged at IMTS 2014

    Front and center was large-scale additive manufacturing in the form of the world's first 3D-printed car, which was printed and assembled on-site at the show. The project was a cooperative effort by Local Motors, Cincinnati Inc.; Oak Ridge National Laboratory; the University of Tennessee; and IMTS' Association for Manufacturing Technology (AMT).

  • Big Manufacturing Trade-Shows Dominate November Calendar

    There Will be More than 100 Exhibits Featuring Products and Services from Rockwell Automation and its Network of more than 100 Partners.

  • Honeywell OneWireless Takes the Prize for Best Wireless Solution

    The OneWireless Network is designed to enhance efficiency, safety and reliability in business processes. The OneWireless Network offers flexibility and scalability, wire-like performance with wireless security and best-in-class data availability with a low cost of ownership.

All news »

What are your comments?

Join the discussion today. Login Here.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments