Palo Alto Networks Surveys the State of OT Security

Mar 20, 2024
6 minutes

Cyber Attacks Shut Down 1 in 4 Industrial Operations; OT Security Complexity Is Major Barrier

A new report by ABI Research and Palo Alto Networks on the state of operational technology (OT) security found that, within the past year, one in four industrial enterprises said they had to shut down their operations temporarily due to a cyber attack. This study, surveying nearly 2,000 executives and practitioners across 16 countries, also noted that more than 60% of respondents said OT security solution complexity was their top concern when purchasing solutions.

This new report, “The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience,” reveals the reality, extent and changing nature of security threats to industrial environments. Completed in 2024, it sheds light on the frequency of attacks and examines organizations’ struggles and implications in architecting and implementing a streamlined, user-friendly response to these threats.

At Palo Alto Networks, our mission is to be your cybersecurity partner of choice. This goes beyond building great products, it means delivering insights that empower customers to make informed decisions. Through the feedback gathered from survey participants, we have gained deeper insights into the daily challenges faced by industrial asset owners and operators. In particular, the scale and complexity of these challenges stand out. For example:

  • Almost 70% of industrial organizations have experienced cyberattacks in the past year.
  • 1 in 4 organizations had to shut down operations due to an attack.
  • IT is the main attack vector, with 72% of attacks originating there.
  • 40% of organizations say their OT and IT teams are frictional.
  • 87% of respondents believe Zero Trust is the right approach to OT security.

Cyber Threats to Industrial Operations are Real and Changing

The report paints a clear picture of why OT environments have become such attractive targets in industrial operations, since a successful attack holds immense financial or political potential. The landscape of threats to these environments is anything but static; the threat landscape is real and evolving. Over the past year alone, 70% of industrial organizations have fallen victim to cyberattacks. Even more concerning, a significant 26% are experiencing attacks weekly or more.

These findings underscore the serious impact these breaches can have. Beyond the immediate consequences of data and revenue loss, these attacks disrupt the continuity of business operations. As organizations look ahead, the industrial professionals surveyed indicate that securing industrial devices, against the backdrop of many emerging technologies including AI, 5G and remote access, will be their organization’s top cybersecurity challenges in the next two years.

In addition to threats that exist today, industrial asset owners and operators are also cognizant of emerging technologies and their potential risks. According to this study, the rise of AI is top of mind, with 74% of respondents anticipating that AI-enabled attacks pose a critical threat to their OT infrastructure.

The integration of 5G-connected devices presents additional risk. Organizations are integrating 5G technologies into their networks to improve connectivity and efficiency and benefit from their higher transmission speeds, lower latency and support of high-bandwidth applications. However, almost 70% see 5G as an increasing threat vector, making it clear that as technology advances, so do the challenges of securing industrial operations. Three out of four also agree that remote access is on the rise for both employees and third parties, offering many benefits like monitoring capabilities and better response times during an event, but also introducing more security risks into the environment.

Organizations Challenged by Complexity, Alignment and Regulatory Concerns

The survey revealed that complexity was the primary challenge faced by industrial organizations pursuing OT security solutions. Over 60% of respondents highlighted OT security solution complexity when purchasing OT security software and equipment, illustrating the need for simplified and streamlined security solutions.

Organizations are also struggling with alignment on two fronts. First, 40% of survey respondents say their OT and IT teams are frictional, with only 12% saying they are aligned. Since IT is the main attack vector, this misalignment is a clear concern for security practitioners, as reflected by 7 out of 10 respondents intending to consolidate IT and OT solutions from the same cybersecurity vendor.

The second area of internal misalignment is between C-level executives and practitioners. Executives are 33% less likely to believe they have had an industrial shutdown than operational staff on the frontlines. Due to the complexity of operations, executives can struggle to gain visibility into the ground truth, making it challenging to make informed investment decisions.

There is more consensus between executives and practitioners about regulatory challenges. In the next two years, 74% of executives expect regulatory pressure on OT security to heighten, pointing to a growing awareness at all organizational levels of bolstering OT security measures in anticipation of stricter regulations.

Decision Makers Believe in Consolidated Solutions and a Zero Trust Approach

The survey probed respondents’ perceptions of responsibility for OT security across IT and OT and explored views about consolidated solutions that secure both. What emerged from the findings indicates a growing alignment and perception of shared and equal responsibility, as well as a consensus that a Zero Trust approach is the most secure.

Decision-makers see Zero Trust solutions as vital in the future of OT security, with 86% of survey respondents viewing Zero Trust as the correct approach for bolstering security frameworks. Similarly, more than 50% of respondents see cloud infrastructure as creating increased cybersecurity challenges, while more than 80% recognize that cloud-based solutions are pivotal. This reflects an understanding that as technology evolves OT environments, so do the solutions that secure them.

Palo Alto Networks Secures Industrial Environments

Acknowledging the challenges and priorities underscored by this survey, as well as the vital roles of Zero Trust architectures and the necessity for simplified, streamlined approaches, Palo Alto Networks provides holistic security solutions and a unified approach to both OT and IT security. Tailored to meet the demands of legacy and contemporary OT environments, our solutions prioritize comprehensive visibility and the protection of OT assets and networks, including the integration of emerging technologies like 5G. Our mission is dedicated to strengthening OT infrastructure against current and evolving threats.

Get your copy of the State of OT Security report now, and learn how Palo Alto Networks can help mitigate OT security threats and challenges with Zero Trust OT Security.

Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.