Advertisement

Quiet please: Two-thirds of industrial organizations don’t report cybersecurity incidents to regulators

A recent Kaspersky survey has discovered that two-thirds (67% ) of industrial organizations do not report cybersecurity incidents to regulators. Though remaining compliant in modern industrial business is a necessity and a driver for investment, there are many factors that influence how companies follow compliance rules.

Quiet please: Two-thirds of industrial organizations don’t report cybersecurity incidents to regulators

In a world where cybercriminals are using sophisticated attacks to breach industrial companies, robust cybersecurity policies and keeping up with regulations have never been more important. From the General Data Protection Regulation (GDPR) to standards set by the International Electrotechnical Commission (IEC), industrial companies have a lot of requirements to adhere to.

However, Kaspersky’s State of Industrial Cybersecurity 2019 report shows that many companies are flouting reporting guidelines – perhaps to avoid regulatory punishments and public disclosure that can harm their reputation. In fact, respondents said that more than half (52%) of incidents lead to a violation of regulatory requirements, while 63% of them consider loss of customer confidence in the event of a breach as a major business concern.

Apart from incident reporting, other survey results show that companies are taking compliance very seriously, with only a fifth (21% ) of industrial companies admitting that they do not currently comply with mandatory industry regulations. Crucially, organizations understand that regulatory demands must be met, despite their lack of reporting. Compliance is the top budget driver in cybersecurity investment strategies for 55%  of respondents. However, this focus on procedures may well be leading companies to become complacent over the quality of the cybersecurity solutions and not taking into account the actual threats – only 28% identified the threat landscape as a key budget driver.

“Industrial compliance and regulations should not be taken lightly. But it is also very important to keep in mind the real threat landscape that is changing dynamically. An efficient cybersecurity solution in combination with clear policy should help companies achieve the necessary level of protection in accordance with regulatory requirements. Such solutions should contain technology-oriented measures, vulnerability assessment and incident response measures, as well as security awareness initiatives for all employees who work with industrial automation systems,” comments Georgy Shebuldaev, Head of Kaspersky Industrial Cybersecurity Business Development, Kaspersky.

To know more about the Kaspersky Industrial CyberSecurity portfolio, please visit ics.kaspersky.com. The full Kaspersky State of Industrial Cybersecurity 2019 report can be found at https://ics.kaspersky.com/the-state-of-industrial-cybersecurity-2019/

Topics: Kaspersky , Georgy Shebuldaev , State of Industrial Cybersecurity , General Data Protection Regulation , International Electrotechnical Commission
COMMENT DISCLAIMER: Reader comments posted on this Web site are not in any way endorsed by Manila Standard. Comments are views by manilastandard.net readers who exercise their right to free expression and they do not necessarily represent or reflect the position or viewpoint of manilastandard.net. While reserving this publication’s right to delete comments that are deemed offensive, indecent or inconsistent with Manila Standard editorial standards, Manila Standard may not be held liable for any false information posted by readers in this comments section.
AdvertisementGMA-Congress Trivia 1
Advertisement