Despite the fact that more than half of industrial organizations experienced at least one cybersecurity incident in 2016, 83% of respondents believe that their industrial systems are well equipped to deal with cybersecurity incidents. The average cost to industrial organizations of ineffective cybersecurity is $497,000 per year, according to Kaspersky.

Respondents' top concerns regarding cyber threats are:

• 56 %: Security incidents caused by conventional malware or computer viruses
• 44 %: Threats originating from third-party vendors (for example, via supply chain) or partners
• 41 %: Sabotage or physical damage caused by external actors
• 33 %: Ransomware attacks
• 32 %: Percent: targeted attacks

These incidents have actually occurred

Looking at the cyber security incidents actually experienced by respondents in the past year, the following picture emerges:

• 53 %: Security incident caused by conventional malware or computer viruses
• 36%: targeted attacks
• 29 %: Employee error or unintentional mistake
• 26 %: Threats originating from third-party vendors (e.g. via supply chain) or partners
• 24 %: Ransomware attacks

Cybersecurity - the challenges for the industry

86% of respondents have a reviewed and documented cyber security policy to protect against potential threats. However, the industrial companies surveyed lack internal and external IT security expertise to counter external and internal threats. Accordingly, the study participants see five major challenges with regard to cyber security for ICS systems:

• 50 %: Hiring cybersecurity professionals in the ICS field
• 48%: Finding a trustworthy partner to implement an ICS cybersecurity solution
• 43 %: Increasing networking with corporate IT
• 39 %: Lack of security awareness among responsible employees
• 35 %: Complexity of the ICS environment/industry network

According to the Kaspersky study, the majority of the companies surveyed are no longer relying on the air-gap approach that was previously common, but on comprehensive cyber security solutions. In addition, 42% of respondents plan to implement industrial anomaly detection tools and security awareness training for employees over the next twelve months. Industrial anomaly detection technologies are particularly important as one in two ICS organizations surveyed admitted that third-party vendors have access to industrial control networks.

The full study is available online.