Global industries are in the midst of a digital transformation, with infrastructure and systems being connected to the internet. Emerging technologies such as artificial intelligence and the Internet of Things (IoT) are being embraced to optimize performance and improve day-to-day industrial operations. While digital technologies unlock new business growth and efficiency opportunities, they also contribute to the expansion of cybersecurity threat landscape, presenting risks that can lead to financial, reputational, legal, and even physical and environmental damages.

The World Economic Forum’s Centre for Cybersecurity reports that the value of the global industrial cybersecurity market is expected to grow to $29.41 billion in 2027, at an 8.2% compound annual growth rate in the period of 2019-2027. Cyber threats to critical infrastructure are increasing and challenging public safety, society, and economic stability. While no industry is spared cybersecurity threats, some are more susceptible than others to cyber risks with far-reaching consequences.

Critical infrastructure organizations including those in energy, healthcare, and manufacturing have become key targets for malicious actors, with more than 60% of attacks in 2021 targeting operational technology. Gartner even predicts that cybercriminals are likely to weaponize operational technology and cause “harm or kill humans” by 2025.

In recent years, the energy sector, which is crucial for the running and development of every other industry, has suffered a number of cyber incidents that have not only disrupted operations and the supply chain but also contributed, at times, to panicked consumer behaviour and higher energy prices.

The healthcare sector has also suffered cyberattacks. A report by Check Point reveals that cyberattacks rose by 86% in 2022 compared to 2021. On average, the industry experienced roughly 1,410 security breaches every week. Such attacks often result in a disruption of access to critical health data, such as prescriptions, laboratory results, as well as patient admission and discharge functions.

Meanwhile, the manufacturing industry became the most targeted sector in 2021, with 65% of incidents leading to disruption of operations and supplies, tampering with the quality of end products. At a time when supply chains are under stress, a cyber event could be hugely damaging for the global economic outlook.

Managing cyber risks is not an easy task, especially when industries are facing three main challenges: divergent culture and priorities, the diversity of technologies, and a multifaceted and complex ecosystem. Hyperconnectivity, complex supply chain networks, and dependencies are further challenges to security. External factors like geopolitical instability also influence the cybersecurity space, making it a challenging task to keep critical infrastructure safe.

In light of growing cyber risks, governments and regulators are driving efforts to ensure that cybersecurity is strengthened in nations and regions by updating regulations and proposing new standards, in particular for critical infrastructure. Recently, the European Commission proposed a Cyber Resilience Act to address the inadequate level of cybersecurity inherent in many products, or inadequate security updates to such products and software.

In addition, the US government has sought to improve the cybersecurity of key industries. In May 2021, following the Colonial Pipeline attack, President Biden signed an executive order outlining measures to modernize cybersecurity, leading to the signing into law of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

To strengthen cyber resilience, businesses must make cybersecurity governance part of their business strategy from the outset. A comprehensive cybersecurity governance model should also be established while leveraging existing global frameworks and standards, building a holistic view of the ecosystem and its broader impact, and ensuring that resilience and security by design is embedded in operations and business decisions.

Organizations must cultivate a cybersecurity culture in the workplace at all levels – from operations to leadership. Cyber leaders should proactively communicate the importance of cybersecurity, provide regular training, and encourage employees to report incidents.

While cybersecurity risks remain a reality, multistakeholder communities must come together to take global action at both an industry and cross-industry level to strengthen cyber resilience. Global industries must turn cybersecurity into a global team sport, where everyone works together to ensure critical infrastructure remains safe.

Lidhja e burimit