The proof is in the numbers: PwC found in a study on the sector that security budgets for industrial products have doubled this year, averaging about $4 million versus 2012’s $2 million. Even so, the average financial losses reported by industrial products companies are up 64% over last year, and incidents with losses of $10 million or more doubled over 2012.
The spending is apparently not going to the right buckets. Most investment has been in standard (and necessary) fare such as application firewalls, malware and antivvirus software, encryption of desktop PCs and Web content filters. And, despite increased losses, 46% of security personnel respondents believe they have “an effective strategy in place” and are “proactive in executing the plan.”
That’s an increase in those that felt that way of 14% from last year, but those proclamations may not be coming from a place of knowledge. Fifteen percent of those respondents said they employed a CISO who reports to top executives, and had “measured and reviewed the effectiveness of security within the past year.”
At the heart of the issue are new threats that have never threatened industrial systems in the past. “Hot-button technologies like cloud computing, mobility and BYOD are implemented before they are secured,” the study said. And, insider threats are the top vector, including current employees (33% of all security incidents) and past employees (24%).
There’s also an info-sharing impasse: “many executives are hesitant to share security intelligence with others, forgoing a powerful offensive tool against targeted, dynamic attacks,” PwC found.
New security safeguards that could improve the security profile include monitoring to provide ongoing intelligence into ecosystem vulnerabilities and dynamic threats, upgrading mobile security, setting security standards for external partners, implementing physical access restrictions to records containing personal data, and ensuring C-level oversight and review of security policies and implementations.
Overall, the increased awareness is a positive takeaway of the stdy, PwC found. “Executives in the global industrial products industry are heeding the need to fund enhanced security activities and have substantially improved technology safeguards, processes, and strategies,” the study found. “Budgets are rising and confidence is high.”