Security Market Segment LS
Monday, 08 April 2019 09:56

90% in operational tech sector face cyber attack every 2 years

90% in operational tech sector face cyber attack every 2 years Image by Gerd Altmann from Pixabay

A subset of data from a December 2018 survey shows that nine out of 10 companies which can be put in the operational technology sector face cyber security threats at least once in two years.

The study was carried out by the Ponemon Institute for security firm Tenable; the data was culled from an initial study of 2,410 IT and IT security practitioners in the US, the UK, Germany, Australia, Mexico and Japan.

The responses of 701 companies that belong to the energy and utilities, health and pharmaceuticals, industrial and manufacturing and transportation sectors were extracted and used for the figures issued on Monday.

Key findings:

  • C-level technology, security and risk officers are most involved in the evaluation of cyber risk as part of their organisation’s business risk management.
  • Forty-eight percent in the OT sector (vs 38% in the non-OT sector) attempt to quantify the damage a cyber event could have on their business – and they’re most likely to quantify the impact based on downtime of OT systems.
  • Concerns about third parties misusing or sharing confidential information and OT attacks resulting in downtime to plant and/or operational equipment increase when looking at 2019. Worries about nation-state attacks continue at a significant level. No definition was given as to what was considered "significant".
  • Increasing communication with the C-suite and board of directors about cyber security threats facing the organisation and ensuring third parties have appropriate security practices to protect sensitive and confidential data are top priorities for 2019.
  • The top 2019 security priority is to improve the ability to keep up with the sophistication and stealth of attackers. This isn’t surprising given the significant number of OT sector organisations that have suffered a nation-state attack in the past 24 months.
  • Few organisations have sufficient visibility into their attack surface. Gaining required visibility will continue to be a challenge due to a combination of staff shortages and heavy reliance on manual processes. Only 20% said they had sufficient visibility into their organisations' attack surface.

The Ponemon Institute made the following recommendations in the light of the survey data:

Improve communication with the C-suite and board of directors about the cyber threats facing the organisation. This will help identify and address gaps among the organisation’s risk appetite and actual risk exposure.

Improve visibility into the attack surface. Blind spots can result in unmanaged and unsecured IT and OT systems. Complete visibility is required for organisations to assess their risk.

Increase the use of automated processes to compensate for the security staff shortage.

Continue to recognise the security impact of interdependencies between IT and OT systems. Vulnerabilities and other weaknesses in IT systems can put interconnected OT systems at risk, and vice versa.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments