Full Report
ARC Advisory Group and Kaspersky have presented a survey on the state of industrial cybersecurity in 2019
Analysis Summary
# Industry News: ARC & Kaspersky 2019 Report Reveals "Execution Gap" in Industrial Security
## Summary
Kaspersky and ARC Advisory Group have released their 2019 joint study on the state of Industrial Control Systems (ICS) cybersecurity, highlighting a significant disconnect between executive prioritization and technical readiness. While over 80% of firms view ICS security as a top priority, only 31% have a functional incident response program in place.
## Key Details
- **Date:** August 29, 2019
- **Companies Involved:** Kaspersky (Lead Researcher/Sponsor), ARC Advisory Group (Research Partner)
- **Category:** Market Analysis and Industry Report
## The Story
The 2019 survey, which included 282 global industrial organizations and 20 qualitative interviews, paints a picture of an industry in a state of "anxious transition." The data reveals that while awareness of OT (Operational Technology) threats is at an all-time high—with 70% of firms expecting an attack—actual implementation of security controls is lagging.
A critical trend noted is the decrease in firms reporting "zero incidents" (falling from 51% in 2018 to 41% in 2019). Analysts suggest this may actually indicate improved detection capabilities rather than an increase in attacks alone. However, the human element remains the primary vulnerability: employee errors were cited as a leading cause of disruption, leading nearly half of the surveyed companies to increase their budgets for security awareness training.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a thought leader and "first responder" in the ICS/OT space, providing data-driven justification for its specialized industrial product suite.
- **ARC Advisory Group:** Reinforces its status as a premier consultancy for the intersection of industrial automation and cybersecurity.
### For Competitors
- Competitors (e.g., Claroty, Dragos, Nozomi) face a market where customers are increasingly aware of the "skills gap." Successful competitors will be those offering managed services or highly automated tools that don't require deep in-house expertise.
### For Customers
- End-users are facing a shift from "compliance-based" security to "risk-based" security. They are increasingly likely to see budget approvals for OT audits and endpoint protection, provided they can address the shortage of qualified personnel.
### For the Market
- The market is shifting from "Is this a problem?" to "How do we fix this?" This drives demand for integrated IR (Incident Response) services and workforce training programs rather than just software sales.
## Technical Implications
- **Visibility vs. Protection:** The report suggests that many firms are investing in visibility (audits/monitoring) but lack the technical IR (Incident Response) frameworks to act on threats once detected.
- **Endpoint Focus:** A noted budgetary trend toward endpoint protection in OT environments indicates a move away from simple perimeter defense toward a "defense-in-depth" technical architecture.
## Strategic Analysis
- **Market Positioning:** Kaspersky is positioning itself as an educator and partner for industrial firms that are "budget-ready but talent-poor."
- **Competitive Advantage:** By identifying that 48% of firms want to spend more on training, Kaspersky can bundle training services with technical solutions to create stickier customer relationships.
- **Challenges:** The "lack of experts" remains the largest obstacle to market growth. If companies cannot find people to run the systems, they may delay purchasing the software.
## Industry Reactions
- **Analyst Opinions:** Analysts find the drop in "zero-incident" reporting significant; it marks the end of the "security through obscurity" era for industrial plants.
- **Market Response:** There is a growing consensus that "human-centric" security is the next frontier for OT, as technical vulnerabilities are often triggered by internal operational errors.
## Future Outlook
- **The "IR Boom":** Expect a surge in demand for third-party Incident Response and Managed Detection and Response (MDR) services over the next 12–24 months as the 37% of "planned" programs go live.
- **Convergence:** Watch for further blurring of lines between IT and OT budgets as employee training programs are consolidated across both domains.
## For Security Professionals
Practitioners should use this data to advocate for **Incident Response (IR) planning** and **workforce training**. The report highlights that having a tool is useless without a documented response program. Professionals should prioritize developing clear SOPs (Standard Operating Procedures) for when—not if—an OT breach is detected, as the "likelihood" of an attack is now accepted by the majority of the C-suite.