Cyberattacks on industrial assets cost $3 million on average

Image courtesy of Trend Micro

Nine in every 10 (89%) of electricity, oil and gas, and manufacturing firms in Germany, the United States and Japan have experienced cyberattacks impacting production and energy supply over the past 12 months, according to Trend Micro.

Trend Micro polled 900 ICS (industrial control systems) cybersecurity leaders that are based in the three countries, to prepare its State of Industrial Cybersecurity 2022 report.

William Malik, VP of infrastructure of strategies at Trend Micro, said that across the globe, industrial locations are going digital to drive sustainable growth. However, this has invited a deluge of threats which they are ill-equipped to mitigate, causing major financial and reputational damage.

“Managing these heavily networked IT and OT environments effectively requires an experienced partner with the foresight and breadth of capabilities needed to deliver best-in-class protection across both environments,” said Malik.

The survey’s findings show that around half of the industrial sector organisations that are affected by attacks against critical national infrastructure made efforts to improve cybersecurity infrastructures. However, they do not always have sufficient resources or knowledge in place to defend against future threats.

Among respondents that suffered cyber disruption to their operational technology and industrial control systems (OT/ICS), the average financial damages amount to about $2.8 million, with the oil and gas industry suffering the most.

Almost three-quarters (72%) of respondents admitted they experienced cyber disruption to their OT/ICS environments at least six times during the year.

The research also found that 40% of respondents could not block the initial attack, and 48% of those who say there have been some disruptions do not always make improvements to minimize future cyber risks.

Further, future investments in cloud systems (28%) and private 5G deployments (26%) were the top two drivers of cybersecurity among respondents.

Also, the OT security function tends to be less mature than IT on average in terms of risk-based security.

According to Trend Micro, the addition of cloud, edge, and 5G in the mixed IT and OT environments has rapidly transformed industrial operations and systems. 

Thus, organisations must stay ahead of the curve and take security measures to protect business assets. Improving risk and threat visibility is a curtail first step to a secure industrial cloud and private network.