The report, titled The State of Industrial Security in 2022, surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organisation to get their perspectives on IIoT /OT security projects, implementation challenges, security incidents, technology investments, and a variety of issues related to cybersecurity risks.

The data revealed that web application attacks were the most common security incident for UK organisations, with 45% encountering at least one in the last 12 months. Additionally, 29% suffered from a malicious external hardware or removable media, 36% encountered a DDoS attack, 31% had remote access compromised, and 29% encountered a compromised supply chain.

Nearly one in 10 UK businesses said that the worst security incident they suffered in the last 12 months had a ‘significant’ impact on their organisation, and led to a complete shutdown of all devices or locations. Furthermore, 39% said their worst incident had a moderate impact, whereby a large number of devices or several locations were impacted, and 50% said minimal impact was observed, where a few devices or just one location was impacted. Only two percent said no impact was experienced at all.

The downtime for these security incidents ranged from less than a day to up to four days, in the UK. The majority or organisations (42%) said that their most significant security incident impacted operation for two days.

As a result, 99% of all UK IT leaders are ‘concerned’ to at least some extent about the current threat landscape and geopolitical situation, in terms of the impact it may have on their organisation.

Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda: “In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organisations at risk,”

"Issues such as the lack of network segmentation and the number of organisations that aren’t requiring multifactor authentication leave networks open to attack and require immediate attention.”

Organisations across the board have acknowledged the importance of investing even further in IIoT and OT security, with 96% of business leaders, globally, noting that their organisation needs to increase their investment in industrial security. A full 72% of organisations signalled that they have either already implemented or are in the process of implementing IIoT /OT security projects, but many are facing significant challenges when it comes to implementation, including basic cyber hygiene.                                 

Klaus Gheri, VP Network Security, Barracuda commented: “IIoT attacks go beyond the digital realm and can have real-world implications. As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack.”