Woburn, MA – October 7, 2019 – Kaspersky’s State of Industrial Cybersecurity 2019 survey has discovered more than two thirds (67%) of industrial organizations do not report cybersecurity incidents to regulators. While remaining compliant in modern industrial business is a necessity and a driver for business investments, there are several factors that influence how a company will follow and report compliance rules.
Due to the growing sophistication of attacks to breach industrial companies, it is necessary to have robust cybersecurity policies in place and maintain the proper ICS regulations. From the General Data Protection Regulation (GDPR) to standards set by the International Electrotechnical Commission (IEC), industrial companies have instituted several requirements for organizations to adhere to.
Kaspersky’s report shows that many companies are not actively following reporting guidelines, perhaps to avoid regulatory punishments and public disclosure that can harm their reputation. In fact, more than half (52%) of survey respondents said that incidents lead to a violation of regulatory requirements, while 63% consider loss of customer confidence due to a breach as a major business concern. Despite their lack of reporting, organizations understand that regulatory demands must be met as compliance is the top driver in cybersecurity budget investment strategies for 55% of respondents.
Separate from incident reporting, the survey highlights that companies are taking compliance seriously with just over a fifth (21%) of industrial companies admitting that they do not currently comply with mandatory industry regulations. The focus on procedures may be leading companies to become complacent over the quality of the cybersecurity solutions and not taking into account the actual threats: only 28% of respondents identified the threat landscape as a key budget driver.
“Industrial compliance and regulations should not be taken lightly. But it is also very important to keep in mind the real threat landscape that is changing dynamically,” said Georgy Shebuldaev, head of industrial cybersecurity business development at Kaspersky. “An efficient cybersecurity solution in combination with clear policy should help companies achieve the necessary level of protection in accordance with regulatory requirements. Such solutions should contain technology-oriented measures, vulnerability assessment and incident response measures, as well as security awareness initiatives for all employees who work with industrial automation systems.”
To learn more about the Kaspersky Industrial CyberSecurity portfolio, please visit the website. The full Kaspersky State of Industrial Cybersecurity 2019 report can be found here.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.