30% of ‘Critical Infrastructure’ Organizations to Experience Security Breach by 2025

STAMFORD, Conn. — A new report says that by 2025, 30% of “critical infrastructure” organizations will experience a security breach.

The breach will result in the halting of an operations- or mission-critical cyber-physical system, according to the market research firm Gartner last month.

Critical infrastructure security has become a “primary concern for governments around the world.” For instance, the U.S., U.K., European Union (EU), Canada, and Australia each identify several sectors deemed critical infrastructure, such as communications, transportation, energy, water, and health care. 

Critical infrastructure can be private or state-owned.

“Governments in many countries are now realizing their national critical infrastructure has been an undeclared battlefield for decades,” said Ruggero Contu, research director, Gartner. “They are now making moves to mandate more security controls for the systems that underpin these assets.”

Thirty-eight percent of IT/operational technology (OT) survey respondents expected to increase spending on OT security by between 5% and 10% in 2021, with another 8% of respondents expecting an increase of over 10%, according to Gartner.

However, the planned investment in OT security may not be enough to “counter underinvestment in this area over many years.”

The technologies that underpin critical infrastructure have become more digitized and connected, creating cyber-physical systems security risks. The result has been “a substantial increase” in the attack surface for hackers and bad actors.

“Besides the need to catch up, there is a growing number of increasingly sophisticated threats,” Contu said. “Owners and operators of critical infrastructure are also struggling to prepare for the coming increased oversight.”

Critical infrastructure organizations should be “more concerned about real-world hazards to humans and the environment, rather than information theft,” Gartner said.

Gartner recommends that security and risk management (SRM) leaders in critical infrastructure sectors develop a holistic approach to security, so that IT, OT and Internet of Things (IoT) security are “managed in a coordinated effort.”

“SRM leaders should accelerate efforts to discover, map, and assess the security posture of all cyber-physical systems in their environment,” Contu said. 

“Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.”

Gartner clients can access the report online: “Predicts 2022: Cyber-Physical Systems Security — Critical Infrastructure in Focus.”