The Fortinet 2023 State of Operational Technology and Cybersecurity Report is our fifth annual study based on data from an in-depth worldwide survey of 570 OT professionals conducted by a respected third-party research company.
Protecting OT systems is now more critical than ever as more organizations connect their OT environments to the internet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive cyberthreats. The spillover of these attacks is increasingly targeted at OT environments. For these reasons, this year’s survey data indicates that OT cybersecurity is now more central and crucial in an organization’s risk portfolio than ever.
An analysis of the 2023 data reveals that there are currently four prominent global trends:
- There has been an overall decline in intrusions due to fewer insider breaches, though ransomware and phishing are still major threats. Rather than a decrease in cyber risk, however, this may be due to cybercriminals adopting a more targeted approach.
- Nearly all organizations have placed the responsibility for OT cybersecurity under a chief information security officer (CISO) rather than an operations executive or team.
- Organizations and OT professionals rely on a wide range of cybersecurity solutions to combat intrusions. There are indications that point products and solution sprawl may make it more challenging to apply policies and enforce them consistently across the converged IT/OT landscape.
- The number of respondents who consider their organization’s cybersecurity maturity to be at Level 4 fell from 21% a year ago to 13% today, while those who see their cybersecurity to be at Level 3 are up from 35% to 44%. This data swing seems to indicate that OT professionals now have a more realistic self-assessment of their organization’s OT cybersecurity capabilities.
After five years of surveying OT professionals, the most encouraging news is that cybersecurity now appears to be finally out of the shadows. Operational technology cybersecurity now has the full and frequent attention of enterprise leadership and C-suites. However, most organizations still have much work to do, and there is never time to “rest on one’s laurels” regarding cybersecurity.
To assist your organization with improving its OT security posture, this year’s State of Operational Technology and Cybersecurity Report concludes with a list of common best practices that top-tier organizations employ to keep their OT systems secure.