The frequency and costs of incidents rise unabated
In 2014, industrial products companies reported that detected security incidents climbed 17% over the year before, and that the financial costs of these compromises compounded at double that rate. While employees are the most-cited culprits, international competitors and nation-states are infiltrating these companies' networks to pilfer trade secrets and manufacturing processes.
Attacks spur security spending
Industrial products companies appear to understand rising security risks and are investing accordingly: Information security budgets have soared more than 150% in the past two years. In 2014, information security outlays represented 6.9% of respondents' total IT budget, the highest of any sector in the survey.
Advances in key security initiatives
The upsurge in spending has resulted in notable improvements in select security processes, technologies, and personnel initiatives. Today, industrial products respondents are implementing business-focused security strategies, risk assessments of third-party partners, and detection and analysis solutions. Nonetheless, there remains considerable room for improvement in areas such as employee training, intrusion and vulnerability technologies, and collaboration with external partners.
Toward a more strategic approach
Companies are beginning to reshape their security programs around a model of business risk and the value of information assets. This year, more respondents have implemented a program to identify sensitive data and allocate security spending to those valuable assets. They also are ensuring that a senior executive proactively communicates the importance of security to the entire organization. Many, however, have not yet elevated cybersecurity to a Board-level discussion.
Business partners under scrutiny
As industrial products companies share more data with interconnected business partners, supply chains, and contractors, it is essential that they carefully assess the security capabilities of these third parties. Comprehensive due diligence of third-party partners should be a key area of focus in the coming year, particularly among businesses that plan to grow by acquiring smaller firms with less-mature security programs.