Virtualization Technology News and Information
Kaspersky finds over two-thirds of industrial organizations do not report cybersecurity incidents to regulators
Kaspersky's State of Industrial Cybersecurity 2019 survey has discovered more than two thirds (67%) of industrial organizations do not report cybersecurity incidents to regulators. While remaining compliant in modern industrial business is a necessity and a driver for business investments, there are several factors that influence how a company will follow and report compliance rules. 

Due to the growing sophistication of attacks to breach industrial companies, it is necessary to have robust cybersecurity policies in place and maintain the proper ICS regulations. From the General Data Protection Regulation (GDPR) to standards set by the International Electrotechnical Commission (IEC), industrial companies have instituted several requirements for organizations to adhere to.

Kaspersky's report shows that many companies are not actively following reporting guidelines, perhaps to avoid regulatory punishments and public disclosure that can harm their reputation. In fact, more than half (52%) of survey respondents said that incidents lead to a violation of regulatory requirements, while 63% consider loss of customer confidence due to a breach as a major business concern. Despite their lack of reporting, organizations understand that regulatory demands must be met as compliance is the top driver in cybersecurity budget investment strategies for 55% of respondents.

Separate from incident reporting, the survey highlights that companies are taking compliance seriously with just over a fifth (21%) of industrial companies admitting that they do not currently comply with mandatory industry regulations. The focus on procedures may be leading companies to become complacent over the quality of the cybersecurity solutions and not taking into account the actual threats: only 28% of respondents identified the threat landscape as a key budget driver.

"Industrial compliance and regulations should not be taken lightly. But it is also very important to keep in mind the real threat landscape that is changing dynamically," said Georgy Shebuldaev, head of industrial cybersecurity business development at Kaspersky. "An efficient cybersecurity solution in combination with clear policy should help companies achieve the necessary level of protection in accordance with regulatory requirements. Such solutions should contain technology-oriented measures, vulnerability assessment and incident response measures, as well as security awareness initiatives for all employees who work with industrial automation systems."

To learn more about the Kaspersky Industrial CyberSecurity portfolio, please visit the website. The full Kaspersky State of Industrial Cybersecurity 2019 report can be found here.
Published Monday, October 07, 2019 8:57 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2019>