2 min

More than half of the cybersecurity incidents at a number of companies detected by Kaspersky were due to ‘human error’, i.e. employee errors. It concerns an investigation into cybersecurity incidents in industry.

The report, published in July, examined 282 companies in the industrial sector. These companies all use OT/ICS (Operational Technology and Industrial Control Systems) systems. 81 percent of the surveyed companies plan to digitise their operational networks. However, only 57% also includes the cyber security budget. In addition to this discrepancy, however, there is a greater problem: it concerns a lack of knowledge about cyber security in these systems.

Kaspersky also reports that more than 80 percent of respondents consider OT-security to be a priority, but only 31 percent have a contingency plan in case of incidents. However, 37% said they would implement such an action plan in the coming months. Kaspersky considers the lack of clear actions in the event of an incident a cause for concern, because the aftermath of an attack could then be dealt with incorrectly.

Lack of action plans and knowledge

The report also states that approximately 70 percent of companies consider an ash attack on one of their systems to be likely. Despite this expectation, many companies have not developed their own approach to incidents. Furthermore, 41 percent of companies said they had not experienced any cyber incidents in the last year, compared to 51 percent in 2018. However, this may well be due to the fact that more incidents are now visible. In that case, this would be due to the use of better solutions and thus better observation.

The most distressing finding of the study is that in many cases employees themselves undermine security. This is mainly due to a lack of awareness of the systems, especially regarding digital OT automation systems. However, almost half of the firms say they will invest in training their employees. Kaspersky emphasizes that continuous training is much more important than one-off courses.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.