PAS Global's Survey Finds the Majority of Organizations Lack Preparation for an OT Cyberattack

PAS Global, the OT Integrity company, delivers software solutions that prevent, detect, and remediate cyber threats, reduce process safety risks and optimize profitability, and enable trusted data for decision-making.

FREMONT, CA: PAS Global, the OT Integrity company, announced findings from its survey of Operational Technology (OT) Cybersecurity Readiness, including that 85 percent of respondent organizations are not highly prepared for an OT cyberattack.

Survey respondents were asked to gauge the degree of OT cybersecurity risk for several potential threats. “Human Error” topped the list as the highest risk area followed by “Nation States,” “Digital Transformation,” “Remote Work,” “Criminal Activity,” and “Internal Malicious Actors.”

“The need to reduce OT cybersecurity risk is more important than ever with inadvertent human error representing the greatest threat according to our survey respondents followed by adversarial nation states, expanding digitalization and an increasingly remote workforce,” said Eddie Habibi, CEO, and Founder of PAS. “Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States Government continue to raise awareness of the threat, however, our survey demonstrates there is still a long way to go.”

“With only 12 percent of respondents indicating the OT cybersecurity risk to their organization is low, it is surprising to see just 15 percent say they are highly prepared for an OT cyberattack,” Habibi continued. “Additionally, 16 percent of respondents said they had experienced an OT cyber incident in the last year, which indicates such attacks are not isolated cases any longer. We should be just as concerned, however, that 21 percent of the respondents were unsure whether their organization had experienced an OT cybersecurity attack in the last year.”

“It is a foundational best practice in OT cybersecurity to have a detailed and accurate asset inventory,” said Mark Carrigan, Chief Operating Officer of PAS. “However, 85 percent of our survey respondents reported having an inadequate inventory. While the industry has made strides over the last few years, it is clear much more work needs to be done.”

“Trying to reduce OT cybersecurity risk without a solid OT asset inventory is like attempting to build a house without a solid foundation,” Carrigan added. “As such, it is not surprising that 38 percent of respondents indicate their organization is taking only an ad hoc or reactive approach to OT vulnerability management with just 27 percent taking a proactive approach based on business risk.”