Employee errors caused more than half of cybersecurity incidents affecting operational technology and industrial control system (OT/ICS) networks last year, a recent Kaspersky report said.The vendor’s State of Industrial Cybersecurity 2019 study blamed the growing complexity of industrial infrastructures, a shortage of professionals who understand how to detect new threats, and a low awareness among existing employees for the operator errors. The study found that budget constraints are also a significant factor in why employee errors cause 52 percent of all ICS incidents, ranging from malware infections to targeted attacks.Data from the study was gleaned from online surveys with 282 industrial companies and organizations and from 20 industry representatives attending trade fairs and forums. The majority of responses came from companies in Asia, Europe and the U.S.Here are the report’s highlights:Organizations' top 3 concerns of ICS cybersecurity incident.On digitalization.On industrial cybersecurity budgets.On skilled staff.“This year's study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, brand manager for Kaspersky Industrial Cybersecurity. “Taking a comprehensive, multi-layered approach that combines technical protection with regular training of IT security specialists and industrial network operators will ensure networks remain protected from threats and skills stay up to date.”
- Reputational damage (87%).
- Injury or death (84%).
- Environmental damage (63%).
- Digitalization of industrial networks and adoption of Industry 4.0 standards are a priority for many industrial companies.
- Four out of five organizations (81%) consider operational network digitalization to be an important or very important task for this year.
- 87% of respondents prioritize OT/ICS cybersecurity.
- 57% have allocated budget for industrial cybersecurity.
- 62% plan to increase investment in OC/ITS cybersecurity.
- Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but also are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches.
- In almost half of the companies (45%) surveyed, the employees responsible for IT infrastructure security also oversee the security of OT/ICS networks.
- Although operational and corporate networks are becoming increasingly connected, OT and ICS specialists can often have different approaches (37%) and goals (18%) when it comes to cybersecurity.




