Nearly 70 percent of critical infrastructure companies surveyed by Unisys and the Ponemon Institute suffered a security breach in the last year. According to the report, “Despite staggering statistics around the number of security breaches within these sectors, results showed that they gap between security concern and preparedness is overwhelming.”

Some findings from the survey of 599 security executives at utility, oil and gas, energy and manufacturing companies in 13 countries include:

• 67 percent say their companies have had at least one security compromise that led to the loss of confidential information or disruption to operations over the last year.
• 24 percent of respondents say these compromises were due to an insider attack or negligent privileged IT users, but only six percent provide cybersecurity training to all employees.
• Only 28 percent of respondents ranked security as one of the top five strategic priorities for their organization, despite 64 percent of respondents anticipating one or more serious attacks in the coming year. A majority, however, named their top business priority as minimizing downtime.

“Whether malicious or accidental, threats from the inside are just as real and devastating as those coming from the outside,” said Dave Frymier, chief information security officer at Unisys. “We hope the survey results serve as a wake-up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their IT systems against attacks. Action should be taken before an incident occurs, not just after a breach.”

You can read the full report here.