Full Report
Kaspersky Lab has published the results of The State of Industrial Cybersecurity study carried out in collaboration with PAC, a CXP Group Company, and based on a survey of 320 professionals representing companies from such sectors as manufacturing and industrial production, energy, mining, transport, and logistics.
Analysis Summary
# Industry News: Kaspersky/PAC Global Study Reveals Gap Between Industrial Vulnerabilities and Security Investment
## Summary
Kaspersky Lab, in collaboration with PAC (CXP Group), has released "The State of Industrial Cybersecurity 2018," a comprehensive global study of 320 industrial professionals. The report highlights a critical disconnect between the growing frequency of cyber-attacks on ICS/OT environments and the maturity of organizational security strategies.
## Key Details
- **Date:** June 28, 2018
- **Companies Involved:** Kaspersky Lab, PAC (CXP Group)
- **Category:** Market Research / Industrial Intelligence
## The Story
The joint study surveyed decision-makers across manufacturing, energy, mining, and logistics to assess the maturity of Industrial Control System (ICS) security. The findings reveal that while 77% of companies rank industrial cybersecurity as a major priority, there remains a significant gap in execution.
Key findings include the fact that nearly half (49%) of industrial companies believe they are at risk of a cyberattack on their ICS networks, yet many lack the specialized talent and integrated security policies required to defend these critical assets. The report also highlights the increasing convergence of IT and OT (Operational Technology), which is expanding the attack surface for industrial enterprises.
## Business Impact
### For the Companies Involved
- **Kaspersky Lab:** Solidifies its position as a thought leader in the ICS/OT space, leveraging the data to drive demand for its specialized Kaspersky Industrial CyberSecurity (KICS) portfolio.
- **PAC (CXP Group):** Demonstrates its research capabilities in the niche and high-value industrial digital transformation sector.
### For Competitors
- Competitors (such as Nozomi Networks, Dragos, and Claroty) are pressured to match this level of market insight to maintain perceived authority.
- The report signals a shift from "awareness" to "implementation" phases in the sales cycle, meaning competitors must focus on integration services.
### For Customers
- End-users receive a benchmark to compare their security maturity against global peers.
- Organizations may find it easier to justify security budgets to stakeholders by citing the high perceived risk (49%) identified in the study.
### For the Market
- The surge in interest for industrial cybersecurity is driving the "OT Security" market to become one of the fastest-growing sub-sectors within the broader cybersecurity landscape.
## Technical Implications
The study underscores the vulnerability of legacy equipment. As industrial systems are increasingly connected to company-wide networks and the cloud (IIoT), technical debt in legacy PLCs (Programmable Logic Controllers) and SCADA systems becomes a primary business risk.
## Strategic Analysis
- **Market Positioning:** Kaspersky is moving beyond endpoint protection to become an indispensable partner for "Critical Infrastructure."
- **Competitive Advantage:** By partnering with an analyst firm like PAC, Kaspersky gains objective credibility that bridges the gap between technical security and business consulting.
- **Challenges:** Geopolitical tension and trust issues regarding regional software origins remain a hurdle for Kaspersky's adoption in certain western government-linked critical infrastructures.
## Industry Reactions
- **Analyst Opinions:** Analysts suggest that the "IT-OT divide" remains the biggest hurdle, noting that organizational silos are more dangerous than the technical vulnerabilities themselves.
- **Expert Commentary:** Industry experts are emphasizing that the shortage of skilled ICS security professionals is the most significant bottleneck for market growth.
## Future Outlook
- **Predictions:** Expect an increase in the adoption of Managed Security Service Providers (MSSPs) specifically for OT, as companies realize they cannot hire enough in-house especialistas.
- **What to Watch For:** Increased regulation regarding critical infrastructure protection (e.g., NIS Directive in Europe) will likely mandate the changes this report advocates for.
## For Security Professionals
Practitioners should use this report to advocate for a unified security policy that covers both IT and OT. The data suggests that technical staff should prioritize "visibility" solutions—knowing what is on the industrial network is currently more urgent for most firms than complex automated response capabilities.