Control Systems Cyber Security Report 2024: Key Findings and Trends
Rapid developments in the field of control systems cyber security (CS) are critical to the sustainability of modern life. The 2024 report prepared by KPMG (Cybersecurity Services) includes the main trends in this field, the challenges faced and future forecasts. The most important data and findings from the report summarise the first 6 months.
Key Findings in the Report;
Lack of Programme Maturity: 49% of the organisations surveyed indicated that their ICS/OT (Industrial Control Systems/Operational Technology) cyber security programmes were either non-existent or very basic. This indicates a lack of cyber security plans, procedures and capability development processes.
Different Priorities: Managers at different levels of organisations have different priorities in allocating extra budget. This raises questions about whether incentives are aligned and why objectives differ.
Increase in Network Monitoring: Full monitoring of control system network activity has increased by 80% compared to last year. This shows that organisations have increased cyber security awareness and are taking more proactive measures.
Accessibility of Components: When assessing the accessibility of control system components (PLCs, IEDs, RTUs, HMIl, servers, workstations and historians) from business networks, the internet, the cloud and integrators/suppliers, there are generally no major differences between high maturity organisations and low maturity organisations. In fact, components of high maturity organisations are sometimes more accessible than those of low maturity organisations.
Lack of Qualified Personnel: The lack of qualified personnel in the field of cyber security has been a recognised challenge in the industry for years. Survey respondents mentioned increasing difficulties in finding qualified personnel. This situation requires organisations to invest in improving the cybersecurity skills and training of their existing employees.
Trends and Challenges
Increase in Cyber Attacks: The increase in cyber attacks is concerning. However, organisations are managing their cyber security budgets more proactively and taking precautions by recognising the threats of supply chain attacks.
Executive Awareness: Awareness of OT cyber security (Operational Technologies) is increasing among senior executives. Cyber security conversations, which were difficult in the past, have now become a more common and important topic. Executive-level crisis simulations and tabletop exercises contribute to a better understanding of the critical importance of OT cyber security.
Investment and Training: The report highlights a significant increase in organisations’ cyber security spending and training programmes. This provides better preparedness against cyber security threats.
KPMG’s 2024 Control Systems Cyber Security Report provides important data and insights in the field of cyber security. Shaping organisations’ cyber security strategies and investments based on these findings will be an important step towards ensuring the security of modern life. This report stands out as a valuable resource for both industry professionals and senior executives. For more information and professional guidance services on this subject, please contact us at info@c4sec.co.uk.
