Research on the state of cybersecurity of the U.S. critical infrastructure companies reveals that 67 percent have experienced at least one security compromise that led to the loss of confidential information or disruption to operations during the past year. In addition, 24 percent of a survey’s respondents said the compromises involved insider attacks or negligent privileged information technology users. Only 6 percent provide cybersecurity training for all employees.
Critical infrastructure companies are responsible for water, power and manufacturing. Only one in six respondents to a survey Unisys and the Ponemon Institute conducted described their organization’s information technology security program or activities as mature.
Many of the respondents also are concerned about the security of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control the processes and operations for power generation and other critical infrastructure functions. When asked about the likelihood of an attack on their organizations’ ICS or SCADA systems, 78 percent of the senior security officials said a successful attack is at least somewhat likely within the next 24 months.