By 2025, at least 30% of critical infrastructure organisations will experience a security breach that will result in the halting of operations- or mission-critical cyber-physical system according to a new survey by Gartner.
In critical infrastructure sectors, organisations need to be more concerned about real world hazards to humans and the environment, rather than information theft. Gartner predicts that by 2025, attackers will have weaponised a critical infrastructure cyber-physical system to successfully harm or kill humans.
The 2021 Gartner IT/OT Alignment and Integration Survey revealed that critical infrastructure security has become a primary concern for governments around the world, with the US, UK, EU, Canada and Australia each identifying sectors deemed ‘critical infrastructure’.
The critical infrastructure sectors include communications, transport, energy, water, healthcare and public facilities. In some countries, critical infrastructure is state-owned, while in others, like the US, private industry owns and operates a much larger portion of it.
The survey found that 38% of respondents expected to increase spending on operational technology security by between 5% and 10%, with another 8% of respondents predicting an increase of above 10%. However, this may not be enough to counter underinvestment in this area over many years, according to Gartner.
Over time, the technologies that underpin critical infrastructure have become more digitised and connected — either to enterprise IT systems and/or to each other — creating cyber-physical systems security risks. The result has been a substantial increase in the attack surface for hackers and bad actors of all kinds.
The survey was conducted online among 401 respondents from industries in North America, Western Europe and Asia Pacific. Respondents were knowledgeable about decisions of their organisation’s operational technology-related activities. M