New figures released by SANS indicate that cybersecurity investments aimed to protect industrial control systems (ICS) and operational technology (OT) are increasing. A little over half of organizations currently rate their risk profile as critical or high. This represents a significant decrease from the last report that was published in 2017. At the time, over two-thirds (69%) of firms placed themselves in the high or severe risk categories
Companies consider people to be a bigger threat (62%) than technology (21%) and processes (14%). The human threat can take the form of human error or of malicious acts and in both cases the threat can come from internal or external actors. The report also shows that firms are getting faster at detecting cyberattacks, with 8 out of 10 organizations stating that they are capable of detecting incidents within a week. Further improvement is needed of course, as 7 days is still a very long time for a cyberattack to go unnoticed.
Read more: Organizations Investing More in ICS Cyber Security: SANS Study