- 67% of utility, oil and gas, alternative energy, and manufacturing sector companies report “at least one security compromise that led to the loss of confidential information or disruption to operations” in the past year, according to Critical Infrastructure: Security Preparedness and Maturity from the Poneman Institute and Unisys Corporation.
- 64% want to prevent or anticipate attacks, though only 28% make security a top five priority.
- While 47% of the security breaches occurred because of negligent employees, only 6% of the companies provide cybersecurity training for employees, and only 17% have reached the “mature” level of cybersecurity that is defined by the survey of 599 IT security executives in 13 countries.
Barriers to critical infrastructure security develop because of the competing interests of old technology and new cyber threats, government regulation and company motivation, and cost and security.
The 16 critical U.S. infrastructure sectors are all regulated under the February 2014 National Cybersecurity Framework, a set of the best security practices.
Over half of the companies surveyed (54%) face the double-edged dilemma of being unsure about their ability to upgrade cost-effectively without compromising security, which in turn leaves security compromised.
Attacks on critical infrastructure are often driven not by profit but by geopolitical ambitions.