More than three-quarters of organisations have experienced a rise in security incidents across their IT/OT environments.

According to research by Telstra International and Omdia of 513 technology executives, with responsibility for  IT or OT security, 80 percent of organisations have experienced a rise in security incidents, with most attacks occurring in the more advanced layers of their technology systems.

Adam Etherington, senior principal analyst at Omdia, said: “Most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation."

The survey also found that OT security responsibility is increasingly falling into the remit of CISOs, and other executives from an IT security background: one in five respondents said their CISO was responsible for understanding and implementing IT/OT converged security in their organisation.

Also a challenge in finding skilled and experienced staff who understand both IT and OT from a security perspective, especially in their industry context, had led most firms to engage with a third party under an outsourcing agreement, or with in-house teams to bolster IT/OT-specific security services.

Geraldine Kor, Telstra International’s head of global enterprise business, said: “Our study uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems.”

Ganesh Narayanan, Telstra International’s global head of cybersecurity, said: “IT and OT integration create enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools, and expedite readiness with standards.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.