Acceleration of OT/IT integration results in significant increase in cyber threat. Companies that manage it well will outperform. Those that don’t, wont.

Summary

A recent survey from Claroty, a global leader in operational technology (OT) security, sums up the current situation with the continued merging of OT and IT: “Legacy OT devices—never designed for Internet connectivity—are now connected, the attack surface has expanded, and opportunistic adversaries are stepping up attacks. It’s become extremely clear that security is a foundational component of digital transformation.”

Two statistics from the survey released this week of IT and OT security professionals at large enterprises stand out:

  1. Greater convergence of OT/IT since pandemic: 67% believe OT and IT have become more connected since the pandemic
  2. Not a question of ‘if’ but ‘how much’: 51.27% of respondents indicated their OT and IT are completely interconnected versus 2.55% that indicated ‘not at all/siloed"

Report

Analysis

The combination of a vastly expanded threat surface, increased reliance on digital technology to function and a huge spike in ransomware attacks on companies in 2020 has resulted in a significant increase in the downside financial risk associated with poor cyber governance. This applies not only to industrial and energy companies most often associated with OT, but also to companies across all sectors that utilize OT to fulfil essential functions.

As we’ve noted previously:

  • From the work of experts like Dragos, we already see an uptick in ransomware attacks on critical infrastructure seeking to exploit the vulnerabilities borne out of this trend.
  • FireEye explained why OT disruptions are so costly: “...ransomware infections—either affecting critical assets in corporate networks or reaching computers in OT networks—often result in the same outcome: insufficient or late supply of end products or services.”
  • And as we wrote in an Alert on GE recently, the poor management of these risks, from the third party vendors to the first tier service providers (like Siemens, GE), pose a systemic risk to the public and shareholders alike.

C-suites should be focusing on ensuring the necessary controls and processes are in place to lower the downside financial risks of a disruption while investors should be asking the questions:

  1. How reliant is X company on the successful integration of OT/IT to function?
  2. What is the potential cost of an operational disruption in $ terms if OT is disabled?
  3. What $ resources are being invested in controls and processes to limit risk of disruption?

Norsk Hydro (NHY) is a good example of why these questions need to be asked in advance. The costs go well beyond immediate recovery and repair: six months post-breach in 2019, NHY had lost ~20% relative to EuroStoxx600 peers. Meanwhile other companies heavily reliant on IT, like Honeywell, continue to outperform in part because of a very well-managed digital transformation.

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website