Claroty, a cyber-physical systems (CPS) protection company, recently announced the results of new research on the impacts of economic uncertainty and its drivers on organizations’ ability to protect their CPS environments. The report, The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape, offers a number of unique findings, including:
- 49 percent of respondents report that supply chain changes caused by shifting global economic policies and geopolitical tensions around the world are creating increased cyber risk to CPS assets and processes.
- 45 percent are also concerned about their ability to reduce risk to key CPS assets, and in their overall understanding of their risk posture.
- 67 percent said that they are reconsidering the geography of their supply chain to mitigate risks to CPS posed by economic and geopolitical uncertainties.
- 46 percent of respondents said they’ve been breached in the last 12 months because of third-party access.
- 54 percent report they’ve discovered security gaps or weaknesses in vendor contracts post-incident. As a result, 73 percent of respondents said they are re-evaluating third-party remote access to CPS operations.
A ripple effect of shifting supply chains is the escalation of risks associated with third-party remote access, as organizations re-evaluate their vendors and introduce new remote access tools into already complex and exposed CPS environments.
Respondents also highlighted regulatory changes as a source of uncertainty. Depending on the regions in which they operate, organizations may be grappling with swift de-regulation or growing momentum for more regulation.
The research showed that despite successful efforts to follow established frameworks such as the NIST Cybersecurity Framework and ENISA in Europe, there are concerns over what’s to come from the regulatory environment.
- Nearly 70 percent of respondents said their current CPS security programs adhere to cybersecurity standards.
- However, 76 percent said that emerging regulations—be it government, international or industry-specific—may require their organizations to overhaul their strategies, which could cause massive disruptions to operational efficiency.
“Attackers often see times of instability as opportunities to strike. Distracted defenders are ineffective defenders. This, combined with the impact of critical infrastructure on economic stability, national security, and public safety makes it a particularly attractive target.” said Sean Tufts, Field Chief Technology Officer at Claroty.
“The survey results show that economic uncertainty and geopolitical tensions are making it harder for security teams to protect critical systems, compounded by third-party vulnerabilities that are further driving up risk. While the challenge is great, the opportunity for organizations to fundamentally shift how they approach their CPS security is greater.”
These findings highlight the importance of taking an impact-centric approach to risk reduction that focuses on regulatory outcomes and exposure management, with the top risk mitigation strategies being regular security audits (49 percent) and process improvements for providing change approvals (45 percent). This will enhance compliance efforts and uncover vulnerabilities particularly where there may be blind spots among third-party vendors.
To learn more, download the full report here.