A survey of 406 UK-based respondents conducted by cybersecurity company Kaspersky reveals that some 90% of industrial companies were hit by at least one cybersecurity incident in the past year and many suffered repeated breaches.
Kaspersky says this highlights the cybersecurity challenges confronting the industrial sector. The survey was conducted in August 2024, involving 406 C-level decision-makers from large enterprises with over 1,000+ employees in sectors such as energy, manufacturing, and oil & gas. The respondents were questioned about cybersecurity measures within their organisations, the barriers they face as management teams, and the challenges posed by vulnerabilities in their supply chains.
Kaspersky says that as industries increasingly adopt connected and automated technologies, critical sectors like energy, manufacturing, and oil & gas are becoming more vulnerable to cyberattacks that compromise sensitive data and cause costly disruptions.
In the energy sector 95% of organisations reported being targeted, often resulting in operational downtime and financial losses. Kaspersky says its research shows companies are shifting their focus from prevention of attacks to mitigation of the damage they create, a concerning trend, the security experts say
Kaspersky says one of the most pressing concerns for the C-suite in the industrial sector is the vulnerability of connected and IoT devices, with 21% of respondents ranking IoT vulnerabilities as their top concern. The rapid adoption of IoT in industrial settings has expanded the attack surface, creating further entry points for cybercriminals.
Human factors continue to pose a significant risk, with 18% of respondents identifying insider threats as a persistent problem, alongside concerns about unauthorised access and credential theft. This highlights the need for stronger access controls and monitoring of illicit activities conducted by employees.
The survey also identified key barriers preventing organisations from fully understanding their cybersecurity needs, with a quarter of respondents citing confusing technical jargon and lack of clarity, while another 25% pointing to difficulties in quantifying cyber risks and balancing regulatory compliance with operational efficiency.
Budget constraints, often regarded as a significant hurdle, were only cited by 20% of respondents as a major concern. Kaspersky says this suggests that complexity and understanding, rather than cost, is the primary roadblock to implementing more effective cybersecurity defences.
David Emm, Principal Security Researcher at Kaspersky, said: “Our research shows that cyberattacks in industrial sectors are not a matter of ‘if,’ but ‘when.’ As businesses digitise and connect more of their operational technologies, the need for robust and holistic cybersecurity strategies has never been more pressing. Organisations must address both IT and OT vulnerabilities if they are to stay ahead of and manage the evolving threats landscape.”
www.kaspersky.com.