Converged IT and OT to Advance Security Maturity
The convergence of IT, operational technology (OT) and industrial internet of things (IIoT) has raised concerns about cybersecurity, safety and data privacy for many organizations, according to a new Ponemon Institute study.
Released today in partnership with TÜV Rheinland OpenSky, results of the 2019 Safety, Security & Privacy in the Interconnected World of IT, OT and IIoT study found that 62% of respondents agreed or strongly agreed that security maturity will increasingly depend upon the convergence of IT and OT control systems.
“Improving overall cybersecurity maturity will play a deterministic role in the success of a digitalization roadmap where the focus is to improve digital services in a complex and interconnected ecosystem," said Urmez Daver, global head of industrial security at TÜV Rheinland, in a press release.
"This is an area of focus for us at TÜV Rheinland OpenSky, and we were pleased to see that the outcome of the study reflects a similar prevalent opinion of cybersecurity practitioners across North America.”
Leaders are largely aware that the inability to achieve convergence will likely compromise trust with supply chain partners, but there are obstacles to achieving convergence that include a lack of strict data protection safeguards on information critical to operations.
While the majority of respondents (65%) agreed that digitalization is driving IT and OT convergence, 55% of those surveyed said that convergence is not possible in organizations with a long history of silos and "turf issues."
To achieve convergence, support needs to come from the top down. According to the survey, 73% of participants believe convergence cannot happen without the support of the CIO, while 62% said it is not possible with buy-in from C-level executives.
When asked about managing safety, 69% of respondents affirmed that their companies manage programs effectively, with 67% rating their companies as very effective in planning cybersecurity initiatives to support business priorities. An additional 66% say their leadership and governance practices are very effective.
“Fewer companies are effective in managing third party risks, compliance with regulations and standards and managing their privacy programs…Only 31% of respondents say they are very effective in managing their privacy programs, and 37% of respondents say they are very effective in complying with regulations and standards,” the report said.
Source: Information Security Magazine