Whether they generate or distribute power, or extract or refine oil, gas, or minerals, heavy industrial companies comprise critical infrastructure for the global economy. As a result, they are attractive targets for cyber crimes. Already by 2018 nearly 60 percent of relevant surveyed organizations had experienced a breach in their industrial control (ICS) or supervisory control and data-acquisition (SCADA) systems.1
Heavy industrials face unique cybersecurity challenges, given their distributed, decentralized governance structures and large operational technology (OT) environment—an environment that does not lend itself readily to traditional cybersecurity controls.2 Furthermore, many heavy industrials have invested in becoming “cyber mature,” as have other at-risk industries, such as financial services and healthcare. The investment gap has left most heavy industrials insufficiently prepared for the mounting threats.
As awareness of the threat environment grows, however, many top executives at these companies are now sharpening their focus on cybersecurity. They are asking important questions like: What does it take to transform our cybersecurity capabilities? What investments will address the most risk? How much should we be spending? Leading companies are now rethinking their cybersecurity organizations and governance models. Some are taking advantage of new security tools for OT offered by innovative start-ups. Most are adopting a risk-based approach to security—identifying their critical assets and seeking appropriate controls based on risk levels (see sidebar, “A cybersecurity transformation in oil and gas”).
Fuente: https://www.mckinsey.com
