{"id":2618,"date":"2025-04-04T07:30:00","date_gmt":"2025-04-04T07:30:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2618"},"modified":"2025-04-04T07:30:00","modified_gmt":"2025-04-04T07:30:00","slug":"too-little-budget-for-ot-security-despite-rising-threats","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2618","title":{"rendered":"Too little budget for OT security despite rising threats"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Despite OT security increasingly becoming a mainstream concern, only 27% of companies delegate budget control over securing their operations infrastructure to their CISOs or CSOs, according to global\u00a0<a href=\"https:\/\/info.opswat.com\/hubfs\/OT%20-%20Assets\/Survey_2025-ICS-OT-Budget.pdf\">analysis by cybersecurity provider Opswat<\/a>.<\/p>\n<p>Where this is not the case, critical industrial control system (ICS) and OT requirements are overlooked or ignored in budget allocation.<\/p>\n<p>Nearly half of the organizations surveyed by Opswat spend just a quarter of their security budget on critical infrastructure protection \u2014 this despite 27% reporting they had experienced one or more security incidents related to their control systems in the past 12 months.<\/p>\n<p>\u201cCybersecurity budgets have increased, but a large portion of these investments are still focused on traditional business systems like IT,\u201d said Holger Fischer, director of sales for EMEA Central at Opswat, commenting on the results.<\/p>\n<p>This leads to ICS\/OT environments being unprepared for cyberthreats, jeopardizing the company as a whole, the security specialist warned.<\/p>\n<h2 class=\"wp-block-heading\">Cross-sector security strategy required<\/h2>\n<p>Nearly three out of every five (58%) respondents stated that attacks on OT networks initially occurred through a compromise of IT. Other attack vectors include internet-connected devices (33%), compromise of engineering workstations (30%), and exploited publicly accessible applications (27%).<\/p>\n<p>\u201cThis highlights the interconnectedness of IT and OT environments and demonstrates the importance of integrated security strategies to combat cross-domain vulnerabilities,\u201d the study authors conclude.<\/p>\n<p>According to Fischer, targeted investment in ICS\/OT-specific security training is necessary to effectively protect critical infrastructure. This would give people who monitor ICS controllers a deep understanding of control system networks.<\/p>\n<p>\u201cCompanies that fail to reassess the threats to their ICS environments are exposing their critical infrastructures to increasingly sophisticated attacks. Protecting these technical systems is no longer an option, but critical to operational resilience and national security,\u201d he said.<\/p>\n<p><strong>See also:<\/strong><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3485728\/why-ot-cybersecurity-should-be-every-cisos-concern.html\">Why OT cybersecurity should be every CISO\u2019s concern<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3595787\/ot-security-becoming-a-mainstream-concern.html\">OT security becoming a mainstream concern<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Despite OT security increasingly becoming a mainstream concern, only 27% of companies delegate budget control over securing their operations infrastructure to their CISOs or CSOs, according to global\u00a0analysis by cybersecurity provider Opswat. Where this is not the case, critical industrial control system (ICS) and OT requirements are overlooked or ignored in budget allocation. Nearly half [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2619,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2618","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2618"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2618"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2618\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2619"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}