BLUE BELL, Pa., July 10, 2014 – New research from Unisys Corporation (NYSE: UIS) finds alarming gaps in the security of the world’s critical infrastructure. Nearly 70 percent of companies surveyed that are responsible for the world’s power, water and other critical functions have reported at least one security breach that led to the loss of confidential information or disruption of operations in the past 12 months, according to a survey released today in partnership with the Ponemon Institute.
In a survey of 599 security executives at utility, oil and gas, energy and manufacturing companies, 64 percent of respondents anticipated one or more serious attacks in the coming year. Despite this risk, only 28 percent ranked security as one of the top five strategic priorities for their organization, while a majority named their top business priority as minimizing downtime.
“The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure our critical infrastructure against attacks.”
Only one in six respondents describe their organization’s IT security program or activities as mature. Respondents who reported suffering a data breach within the past year most often attributed these breaches to an internal accident or mistake, and negligent insiders were the most cited threat to company security. Despite these findings, only 6 percent of respondents said they provide cybersecurity training for all employees.
“Whether malicious or accidental, threats from the inside are just as real and devastating as those coming from the outside,” said Dave Frymier, chief information security officer at Unisys. “We hope the survey results serve as a wake-up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their IT systems against attacks. Action should be taken before an incident occurs, not just after a breach.”
The survey also highlighted the concerns many of these executives feel regarding the security of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control the processes and operations for power generation and other critical infrastructure functions. When asked about the likelihood of an attack on their organizations’ ICS or SCADA systems, 78 percent of the senior security officials responded that a successful attack is at least somewhat likely within the next 24 months. Just 21 percent of respondents thought that the risk level to ICS and SCADA has substantially decreased because of regulations and industry-based security standards, which means that tighter controls and better adoption of standards are needed.
The full report can be viewed here.
The survey is based on a Web survey of 599 respondents from 13 countries in the oil and gas, utilities, alternative energy and manufacturing industries from April to May 2014.
Follow Unisys on Twitter.
About Ponemon InstituteAbout Unisys
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.
Unisys is a worldwide information technology company. We provide a portfolio of IT services, software, and technology that solves critical problems for clients. We specialize in helping clients secure their operations, increase the efficiency and utilization of their data centers, enhance support to their end users and constituents, and modernize their enterprise applications. To provide these services and solutions, we bring together offerings and capabilities in outsourcing services, systems integration and consulting services, infrastructure services, maintenance services, and high-end server technology. With approximately 23,000 employees, Unisys serves commercial organizations and government agencies throughout the world. For more information, visit www.unisys.com.
RELEASE NO: 0710/9264
Unisys is a registered trademark of Unisys Corporation. Any other brand and products referenced herein is acknowledged to be a trademark or registered trademark of its respective holder.
Heather Sliwinski, Grayling for Unisys, 415-593-1266
Brad Bass, Unisys, 703-439-5887