OPSWAT-Sponsored SANS 2024 ICS/OT Cybersecurity Report Uncovers Critical Workforce Gaps in Securing Industrial Control Systems Amid Growing Cyber Threats
Report highlights the need for increased investment in ICS/OT teams to better protect critical infrastructure
TAMPA, Fla., Oct. 10, 2024 /PRNewswire/ -- The SANS 2024 State of ICS/OT Cybersecurity Report, sponsored by OPSWAT, has revealed a significant gap in workforce experience and training within industrial control systems (ICS) and operational technology (OT) security teams. With more than 50% of the ICS workforce having less than five years of experience, this gap poses a substantial risk to securing critical industrial infrastructure. The findings emphasize the urgency of investing in human capital to protect against increasingly sophisticated cyber threats— a timely issue as the industry marks Cybersecurity Awareness Month this October.
The report, which gathered data from more than 500 cybersecurity professionals in ICS/OT environments, points to a workforce shortage in industry-specific certifications. A staggering 51% of respondents reported lacking formal cybersecurity credentials, further compounding the challenge of securing industrial systems. Despite these alarming statistics, only 25% of organizations allocate a significant portion of their budget toward workforce training, recruitment, and retention—raising questions about whether businesses are prioritizing the right areas to protect their operations.
"The lack of a well-trained, experienced ICS/OT workforce is now a major challenge in ensuring the safety and resilience of critical infrastructure," said Eric Knapp, CTO of OT at OPSWAT. "We need to shift our focus to empowering our people with the right tools and knowledge to manage increasingly complex cyber risks in ICS and OT environments."
Key Workforce Findings:
- Experience Gaps: More than half of ICS professionals have less than five years of experience, reflecting the sector's rapid growth and the need for more mentorship and knowledge transfer from seasoned professionals.
- Certification Shortages: 51% of the workforce operates without industry-specific certifications, raising concerns about the preparedness of professionals to handle ICS/OT-specific threats and challenges.
- Budget Misallocation: While 66% of organizations recognize "people" as the greatest risk to ICS environments, just 25% of cybersecurity budgets are directed towards workforce training and recruitment, compared to 52% allocated to technology investments.
As organizations increasingly prioritize technology investments to protect their operations, this report signals the need for a more balanced approach that emphasizes workforce enablement. While technological solutions are important, the growing complexity of ICS/OT environments requires a skilled and certified workforce to manage emerging risks effectively.
The report also highlights how workforce development ties directly into the success of key cybersecurity strategies. For example, companies with more experienced and certified personnel are better positioned to implement incident response plans and defensible architectures, both of which are critical components of the SANS Five ICS Cybersecurity Controls outlined in the report.
"Without the right human capital, even the best technologies can fall short," said Knapp. "We must invest in our people and ensure they are trained to navigate the unique security challenges of ICS and OT systems."
The report also notes that organizations with centralized ICS security governance, particularly those led by a Chief Information Security Officer (CISO), are more likely to adopt a standards-based approach to cybersecurity. Programs led by CISOs showed an 82% compliance rate with industry standards, compared to just 42% when leadership was more decentralized. This highlights the importance of strong leadership in not only directing security strategies but also in addressing workforce development challenges.
The SANS 2024 ICS/OT Cybersecurity Report serves as a clear reminder that while technology plays a critical role in industrial cybersecurity, the OT security workforce is equally vital. For the ICS/OT community to safeguard critical infrastructure, addressing the human capital gap must be a top priority.
Download the full report to learn more about the important benchmarks for industrial organization to measure their progress and plan for the future.
About OPSWAT
For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a "Trust no file. Trust no device.™" philosophy, OPSWAT solves customers' challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world's critical infrastructure and helps secure our way of life; visit www.opswat.com.
Media Contact
Kat Lewis VP of Global Marketing & Communications
[email protected]
+1.415.590.7300
SOURCE OPSWAT
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article