Industrial and production businesses have security priorities that are drastically different from service-based industries. Industrial sectors can value (or under-value) certain types of data far differently than other businesses, and even amongst different industrial sectors, security priorities can vary greatly.
This is according to a Kaspersky lab survey of 3 900 professionals worldwide, which found the adage “no two businesses are alike” true when comparing businesses in the corporate and services sectors to industrial businesses. The survey classified respondents across 17 different business sectors, including the manufacturing and utilities & energies sectors. These two industrial sectors stand apart from the others based on the designs of their IT networks – industrial machines managed by highly-specialised industrial software – and how these businesses have vastly different priorities for securing these networks.
The survey shows that 21% of manufacturers reported losing intellectual property (IP) in the past 12 months (the fifth-highest rate), which seems to justify the sector giving IP the highest “importance rating” (17%) of all 17 business sectors. Utilities & Energy suffered the lowest rate of stolen IP, and assigned it the lowest rating of importance out of all 17 business sectors.
The manufacturing sector viewed market intelligence/competitive intelligence of just average importance, whereas utilities & energy ranked it the highest of all business sectors. Both sectors suffered from relatively high rates of market intelligence data theft.
However, neither the manufacturing nor utilities & energy sectors are concerned about losing customer information, reporting the third-lowest and lowest rates, respectively, of stolen customer information across all business sectors.
On the other hand, both manufacturing and utilities & energy are highly concerned about losing internal operational information (for example, details of business processes). Almost half of all companies in both sectors reported losing some of this information to a data breach incident within the previous 12 months.
What this data illustrates is the fundamentally different approaches to IT security found in corporate environments and industrial environments. Corporate IT security is focused on data protection, but industrial IT security focuses on process protection. The data shows how highly these industrial businesses value the security of their internal processes, and also shows how securing customer data is a non-factor for these companies.
However, it also shows that the top concern of one industrial business might be a minimal consideration for another (such as the importance of IP).
