(CS)2AI and KPMG Release Inaugural Cyber Security Report for Control Systems and Operational Technology

Report provides a data-driven decision support tool for management responsible for Control Systems and Operational Technology; aids in prioritization of projects, staffing, and budgets


ATLANTA, Nov. 02, 2020 (GLOBE NEWSWIRE) -- The Control System Cyber Security Association International (CS)2AI, the premier global non-profit organization for Control Systems (CS) and Operational Technology (OT) professionals, and KPMG announced today the release of their first annual CS/OT Cyber Security Report. The report findings are based on a survey from a representative sample of over 16,000 professionals responsible for protecting and defending assets and systems worth millions to billions in capital investment. Collectively, their answers provide profound insights into the state of the CS/OT threatscape across multiple industries such as utilities, transportation, manufacturing, information technology services, hospitals, construction, and others.

The report focuses not only on the threats to CS/OT environments from security breaches, but also on the steps being taken by successful CS/OT security practitioners around the world. “The survey reveals a clear relationship between the failure to focus on the data and metrics needed to enhance security, as well as inadequate levels of maturity for OT security programs,” says Derek Harp, Founder and Chairman of (CS)2AI. “For example, our survey reveals that less than 25% of companies have incorporated an active defense of their control systems and assets.” This report, the first of multiple research products our organization is proud to initiate, offers insight into points of failure and areas of success in this industry.”

Key report findings revealed
Notable findings based on the analysis of organizations with more mature CS security programs, versus those with less mature programs, reveals that the former:

  • Use managed CS security services much more often: 47 percent vs 6 percent
  • Conduct end-to-end security assessments more frequently: 53 percent vs 36 percent
  • Frequently replace vulnerable CS hardware or software after assessment: 63 percent vs 34 percent
  • Monitor all CS networks: 53 percent vs 16 percent

The (CS)2AI-KPMG Control System Cyber Security Report was developed to provide decision support tools enabling CS cyber security practitioners and management to make best-informed and prioritized decisions regarding the protection of critical assets. For example, the report reveals a mismatch between security spending priorities and return on investment of past allocations, as well as critical success factors common to the most mature cyber security programs.

“Enterprise organizations continue to struggle to address cyber security vulnerabilities across control systems and operational technology environments, which can have a material impact on human safety and their businesses’ bottom line,” said Walter Risi, Global Cyber IoT leader and Technology Consulting practice leader, KPMG in Argentina. “If businesses don’t take appropriate action soon to mitigate risks, regulators and governments will. Savvy business leaders will analyze their worst-case scenarios and take decisive action to protect their operations and assets ahead of government mandates. The CS/OT cyber security report will offer business leaders and practitioners valuable data-driven insights to create an actionable plan.”

In collaboration with a team of strategic industry partners, including title partner KPMG and other report supporters including Waterfall Security Solutions, Palo Alto Networks, SecurityWeek, Fortinet, and Airbus Cyber, the report collects and analyzes key data around: (1) CS security events, (2) trends in attack activities and protective technologies, and (3) how organizations are adapting to ongoing challenges including the limited talent pool of skilled workers.

For more detailed analysis and recommended action on improving CS cyber security awareness, get a copy of the (CS)2AI-KPMG Control Systems Cyber Security Report here: https://www.cs2ai.org/reports

About Control System Cyber Security Association International

(CS)²AI, a 501c6 company, pronounced “See-say”, is the premier global not-for-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 18,000 members worldwide, we provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education and directly support cyber security professional development in every way.   For more information visit https://www.cs2ai.org/ or visit us on LinkedIn and follow us on Twitter @cs2ai

Media Contact:        
Alane S. Moran
Moran Communications
206.321.4124
alanemoran@gmail.com