Cybersecurity in Industry: alarming statistics, the risk is growing

The industrial sector is one of the most vulnerable to cyberattacks in the economy. New technological opportunities bring new threats. In modern industrial companies, the entire IT infrastructure is intricately interconnected and connected to the internet. The more complex the system, the more potential entry points for hackers. What does the issue of cybersecurity in the industrial sector look like exactly? How exposed is the industry to cyberattacks? To illustrate this effectively, we have prepared a handful - or even a few handfuls - of interesting statistics from various sources. Enjoy your reading!

The industrial sector experiences a high number of cyberattacks.

According to the IBM Security report "X-Force Threat Intelligence Index 2023," in 2022, industrial companies were at the forefront of attacked industries, and the number of attacks increased compared to 2021. This is the second consecutive year that this sector has been at the forefront.

Previously, it also remained in the top rankings. According to the "X-Force Threat Intelligence Index 2021," the manufacturing industry was in second place in terms of the number of observed attacks in 2020, right after the financial and insurance sector. In 2019, it was in eighth place.

A report prepared by Fortinet, "2022 The State of Operational Technology and Cybersecurity," states that as many as 93% of companies belonging to the industrial sector had experienced a breach in the last year, and in the case of 78%, there were more than three breaches.

On the other hand, according to the global study "Cybersecurity in Smart Factories" by Capgemini, in which about a thousand entities participated, 68% of manufacturing companies are investing in systems that require automatic data exchange between devices and machines with network access. This has its downsides: about 40% of businesses investing in more or less intelligent production have fallen victim to hackers.

Capgemini also provides information on which branches of the industry are most commonly targeted by cyberattacks. These include heavy industry (51% of companies), pharmaceutical industry (44%), biotechnology industry (44%), chemical and petrochemical industry (39%), semiconductor and advanced technology-related industry (39%), and the automotive industry (36%).

The industrial sector must prepare for various types of cyberattacks.

BlackBerry decided to find out which cyberattacks the industry is most afraid of. To do this, they surveyed 1500 IT decision-makers in the manufacturing sector in North America, Germany, the United Kingdom, Australia, and Japan. It turns out that companies are most concerned about threats such as malicious attacks using connected devices, including IoT (40%), unauthorized access to data by malicious internal users (29%), and attacks using ransomware software (23%).

Siemens' 2020 report, "From Audit to Secure Infrastructure," identifies server resources related to the operating system (50%) as the most critical risk posing a threat to IT security in the industry. Next in line are connections to SCADA control systems (36%) and embedded controllers (23%).

Experts at Capgemini have calculated the significant financial losses that an industrial company must expect if it temporarily suspends operations due to a cyberattack. A four-hour shutdown can cost an industrial company up to 2 million dollars.

Furthermore, IBM reports that the average data breach cost the industrial sector a whopping 4.24 million dollars in 2021.

It's no wonder that investments in protecting the industrial sector are on the rise. Future Market Insight estimates that the value of the global industrial cybersecurity market will grow to 43 billion dollars by 2032. Currently, it stands at around 21 billion dollars.

Cybersecurity in the industrial sector leaves much to be desired.

According to the study "Cybersecurity in Smart Factories" by Capgemini, the industry is still grappling with accelerated digital transformation. When it comes to transformation leaders, this aspect is well managed. As many as 85% of managers claim that a clear action plan has been defined in their companies to proactively prepare for the emergence of risks. However, in companies that are slower to adopt new technologies, the situation is much worse, with only 45% of them having procedures in place in case of a cyberattack.

These are not the only interesting findings from the study. 80% of transformation leaders believe they can respond adequately to cybersecurity threats, and 72% believe they can effectively minimize the consequences of successful cyberattacks. In companies that are slower to adapt to changes, 51% declare the ability to respond to online threats, and 41% claim effectiveness in mitigating the consequences of cyberattacks.

The aforementioned BlackBerry report indicates that 86% of IT decision-makers in the industrial sector perform crucial tasks on outdated operating systems that lack manufacturer support, significantly facilitating the work of hackers.

It's also worth mentioning that the Central Statistical Office (GUS) has examined companies engaged in processing and manufacturing goods. The analysis reveals that only 42% of enterprises have an organized Information and Communications Technology (ICT) policy. 28% do not control network access. Only 20% use IT risk assessment, and only 19% have updated or prepared a security policy in recent months.

How to ensure cybersecurity in the industrial sector?

To take care of your company's cybersecurity, take advantage of a free IT security audit based on ISO 27001 and COBIT standards. It will identify areas requiring immediate action and indicate compliance levels with regulations. Additionally, watch the free recording of the "Cybersecurity in the Industrial Sector" webinar (soon available in English). Also, regularly visit our blog, as well as our fan page or LinkedIn profile, where we share valuable information about cyber protection

Until next time!

Sagenso Team.