Study finds significant gaps in world's critical infrastructure

Approximately 70 percent of surveyed critical infrastructure providers reported at least one security breach in the past 12 months, according to research from Unisys Corporation and the Ponemon Institute.

In a survey of 599 security executives at oil and gas, utility, and manufacturing companies, the researchers found that approximately 70 percent of the companies reported at least one breach that led to the loss of confidential information or disruption of operations in the last year. Sixty-four percent of respondents anticipated one or more serious attacks in the coming year.

Just 28 percent ranked security as one of the top five strategic priorities for their organization.

"The findings of the survey are startling, given that these industries form the backbone of the global economy and cannot afford a disruption," Larry Ponemon, the chairman and founder of the Ponemon Institute, said. "While the desire for security protection is apparent among these companies, not nearly enough is actually being done to secure our critical infrastructure against attacks."

Respondents who reported data breaches in the past year most often attributed the breaches to an internal accident or mistake. Negligent insiders were the top cited threat to company security. Only six percent of respondents said they provide cybersecurity training for employees.

"Whether malicious or accidental, threats from the inside are just as real and devastating as those coming from the outside," Dave Frymier, the chief information security officer at Unisys, said. "We hope the survey results serve as a wake-up call to critical infrastructure providers to take a much more proactive, holistic approach to securing their (information technology) systems against attacks. Action should be taken before an incident occurs, not just after a breach."