We're heading into a new reality for cyber security in industry. This year's events have disrupted markets and supply chains, forced a major change in operating models and exacerbated political tensions. In the midst of this, we face a future of relentless and increasingly sophisticated cyber security threats demanding that businesses raise the bar on their control systems security measures while contending with growing cost pressures. But as our new survey findings reveal — perhaps alarmingly — far too many enterprises remain dangerously exposed to costly and potentially debilitating cyber-attacks.
Produced in collaboration with The Control System Cyber Security Association International (CS)2AI, the 2020 (CS)2AI-KPMG Control Systems Cyber Security Survey Report offers an in-depth look into the state of control systems security practices, measures, threats and risks in today's rapidly changing and endlessly challenging cyber security environment. Our analysis is based on input from a representative sample of the more than 16,000 members of the Control System Cyber Security Association International — professionals on the front lines of cyber security for all types of control systems.
The report's key findings reveal that businesses are struggling to resolve cyber security vulnerabilities in control systems (CS) and operational technology (OT) environments. Notable findings include:
- Less than 25 percent of companies have incorporated an active defense of their control systems and assets.
- 58 percent of respondents identified insufficient CS security expertise as a roadblock, followed by insufficient personnel (48 percent), operational uptime requirements (44 percent), lack of financial resources (37 percent) and inadequate leadership support (35 percent).
- 47 percent of mature CS security programs use managed CS security services vs 6 percent of less mature programs.
- 53 percent of mature CS security programs conduct end-to-end security assessments more frequently than less mature programs (36 percent).
Explore the full report to help you develop a realistic picture of the CS and OT threatscape state in this rapidly changing environment and to gain valuable data-driven insights to create an actionable plan.