Responsibility for OT Security Shifts to the Board of Directors

A study by Fortinet finds that ‘organisations are taking OT security increasingly seriously’.

Responsibility for OT (operational technology) security is increasingly falling on the board of directors.

This is according to the seventh edition of Fortinet’s Global State of Operational Technology and Cybersecurity Report, which also reveals that ‘organisations are taking OT security increasingly seriously’.

‘This trend is reflected in a notable increase in the assignment of responsibility for OT risks to senior management, along with a rise in organisations that self-report higher rates of OT security maturity,’ explains Nirav Shah, senior vice president of Products and Solutions at Fortinet.

‘Likewise,’ he adds, ‘we are seeing a decrease in the impact of intrusions on organisations that prioritise OT security.’

The number of organisations planning to integrate cybersecurity under an executive category such as CISO is growing. This means that OT security is gaining ground on boards of directors.

Fifty-two per cent of organisations say that the CISO or CSO is currently responsible for OT. In 2022, that percentage was only 16%. For all senior management roles, it rises to 95%.

The number of companies that intend to put OT cybersecurity in the hands of their CISO over the next twelve months is also increasing. Here, the figure rises from 60% to 80%.

Similarly, more organisations are in the access and profiling phase of Level 2 in terms of security maturity.

Organisations that claim to be more mature (levels 0-4) in OT cybersecurity are affected by fewer attacks or face less sophisticated tactics, according to the Fortinet study.

The impact of intrusions is decreasing, with a reduction from 52% to 42% in operational disruptions that affected revenue.

Shah’s impression is that ‘everyone, from senior management down, needs to be committed to protecting sensitive OT systems and allocate the necessary resources to secure their critical operations.’

In fact, several cybersecurity best practices are already having a positive influence, such as basic cyber hygiene, awareness and employee training. Another recommended action is the adoption of threat intelligence.

These types of measures are leading to a decline in the rate of business email compromise.

The number of OT device vendors is also falling. Now, 78% of organisations use a maximum of four brands.