Cybersecurity scourge causes 70% of critical infrastructure firms to lose confidential data

Almost three quarters of companies responsible for global critical infrastructure have been the subject of a security breach over the past 12 months with confidential information lost and more attacks expected in future.

Related: Gartner: Big data will soon revolutionise cyber security

Ponemon Institute’s survey of 599 security executives from utility, oil and gas, energy and manufacturing companies found that almost 70 per cent of them have experienced at least one breach in the last year that led to a loss of confidential information or a disruption to operations.

“The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure our critical infrastructure against attacks.”

64 per cent anticipate a further serious attack in the year ahead and even though this is the case, just 28 per cent put security in the top five strategic priorities for the organisation, most opting for minimising downtime as the top business priority.

Of those that admitted a breach in the past year, the majority blamed it on an internal accident or mistake and when asked about the biggest threat to company security almost all mentioned negligent insiders.

“Whether malicious or accidental, threats from the inside are just as real and devastating as those coming from the outside,” said Dave Frymier, chief information security officer at Unisys, the company that conducted the survey with Ponemon. “We hope the survey results serve as a wake-up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their IT systems against attacks.

Related: 5 lessons we learned from Obama’s new cyber security framework

Porthole Ad

When it comes to IT security programs and activities just one in six describe them as “mature” and even though there have been a large number of breaches, as little as six per cent of respondents provide cybersecurity training for all employees.

Image Credit: Flickr (tsuda)