Despite improvements, OT cybersecurity remains a problem

In mid-June 2023, Fortinet unveiled the key findings of the 2023 edition of its « State of Operational Technology and Cybersecurity » report. « Industrial players using IoT technologies have certainly strengthened their security posture, but improvements are still possible and advisable« , summarizes Fortinet’s Head of Marketing, John Maddison.

The report is based on a survey of 570 OT professionals from 14 countries: South Africa, Germany, Australia, Brazil, Canada, Egypt, the United States, France, India, Japan, Mexico, Norway, New Zealand, and the United Kingdom.

The study shows a decline in the number of cyber incidents against IoT systems, which nevertheless remains very high. In 2022, 94% of respondents indicated that their organization had suffered at least one breach within the year. The proportion drops to 75% in 2023, down but still worrying. 49% of companies have suffered at least one phishing attack, and 32% a ransomware attack in the last 12 months.

According to Fortinet, the complexity of IoT systems also remains an issue. Nearly 80% of respondents identified more than 100 IP-enabled IoT devices in their operational environments. This proliferation of tools greatly complicates the integration and application of cyber protection policies. Aging infrastructures further add to the complexity, with 74% of respondents using industrial systems that are between 6 and 10 years old.

On the other hand, IoT managers seem less inclined in 2023 to overestimate their level of cyber protection. Only 13% of them consider their company to be « very mature » in terms of cybersecurity, compared with 21% in 2022.