OT cyber incidents may cost up to USD $329.5 billion globally
The study, conducted by Marsh McLennan's Cyber Risk Intelligence Centre, used a decade's worth of breach and insurance claims data to determine both the potential financial impact of OT cyber events and the OT security controls that most effectively reduce that risk.
The findings suggest that business leaders, insurers, and security professionals should focus on implementing measurable risk reduction strategies in industrial environments.
According to the report, indirect losses are a major concern, impacting up to 70% of OT-related breaches.
The study models worst-case scenarios in which the global financial risk from such incidents reaches as high as USD $329.5 billion, more than half of which - an estimated USD $172.4 billion - would result from business interruption.
Robert M. Lee, Chief Executive Officer and Co-founder of Dragos, commented on the findings: "Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments. The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer. This report fills a critical gap by translating OT security into measurable financial risk and assessing controls aimed at mitigating that risk."
The key OT cybersecurity controls found to be most strongly correlated with risk reduction are incident response planning (up to 18.5% average risk reduction), defensible architecture (up to 17.09%), and ICS network visibility and monitoring (up to 16.47%).
The analysis leveraged tens of thousands of simulations, representing one of the first statistical attempts to connect specific OT controls with quantifiable financial loss reduction based on real-world data.
Mark Stacey, Vice President, Risk and Resilience Solutions at Dragos, highlighted the importance of understanding OT cybersecurity in business and financial terms: "For years, organisations have lacked the context needed to understand OT cyber risk in business and financial terms. This study fills that gap, linking real-world financial data with OT-specific security controls. It gives executives, risk managers, and insurers the shared language and framework they've been missing to prioritise, invest, and insure with confidence."
The report also examined persistent challenges organisations face in managing and insuring OT cyber risk.
These include an undefined financial impact due to lack of quantifiable data, difficulties in measuring return on investment in OT security measures, and uncertainty in determining which controls should be prioritised.
By mapping the SANS ICS Five ICS Cybersecurity Critical Controls to observed outcomes in industry data and insurance claims, the report aims to provide a practical risk management framework.
This is considered particularly urgent as OT-focused malware threats are on the rise and as regulatory requirements, such as the United States Securities and Exchange Commission's Form 8-K cyber incident disclosure rules, become more stringent for publicly listed companies.
Scott Stransky, Head of the Cyber Risk Intelligence Centre at Marsh McLennan, underscored the significance of translating the implementation of controls into measurable financial benefits: "This report offers new visibility into the financial modeling of OT risk and provides insurers and OT operators alike with the confidence to take action. By statistically linking controls to measurable risk reduction, organisations can better evaluate client readiness and make more accurate, risk-based coverage decisions."
The research indicates that organisations across industrial sectors - such as electricity, manufacturing, oil and gas, water, transportation, mining, and government - stand to benefit from adopting data-driven approaches to OT risk management and demonstrating the financial efficacy of their security investments.
The findings are presented as a resource intended to bridge the information gap for boards, risk executives, and underwriters working to align OT cybersecurity planning with demonstrable financial outcomes in a landscape of evolving digital threats and regulatory obligations.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scoop
a day ago
- Scoop
From Trade Gains To AI Dividends: APEC's Next Growth Play
Cooling Growth, Lingering Risks APEC's growth slowed to 3.5 percent in the first quarter of 2025, down from 3.8 percent a year earlier, reflecting weaker demand and heightened global uncertainty. Early trade gains, driven by businesses rushing to ship goods before new trade restrictions take effect, gave the economy a short-term boost. However, sustained momentum requires consistent reforms and renewed investment in productivity. Regional growth is now projected at 3.0 percent in 2025 and 2.9 percent in 2026, slightly above the May 2025 APEC Regional Trends Analysis forecasts, but trailing behind the rest of the world, which is expected to grow by 3.4 percent in 2026. Despite the emergence of new technologies and the relative resiliency of greenfield investments in productivity-enhancing projects, downside risks are expected to dominate, marked by policy uncertainty, geopolitical tensions, and elevated debt levels as legacy from the pandemic. Central Banks Balance Support and Stability Inflation averaged 2.5 percent across APEC in the second quarter of 2025, lower than a year ago and easing pressure on households and businesses. In response to downside risks, the majority of central banks have trimmed policy rates to help spur economic activity. Other APEC economies have kept their policy rates unchanged, maintaining a cautious stance amid potential price pressures and external shocks. In recent months, oil prices edged higher as energy markets responded to shifting supply dynamics amid geopolitical instability. In contrast, food prices remained broadly stable, reflecting mixed movements across key commodity groups. Trade Gains Reflect Precautionary Activity Merchandise trade in APEC posted solid growth in the first quarter of 2025 as businesses moved shipments forward, hedging against possible new trade restrictions. Export and import values rose by 5.0 percent and 7.7 percent, respectively, while volumes climbed even faster, by 7.0 percent and 7.9 percent. This expansion suggests that early-year trade gains were driven by risk-mitigation strategies rather than a sustained rebound in demand, and may taper off as temporary factors fade. Trade momentum remains highly sensitive to policy developments. Services trade told a different story. Export growth slowed to 6 percent in the first quarter of 2025 from 11 percent a year earlier. Travel services exports contributed to the decline as it decelerated sharply to 9 percent from 30 percent over the same period even as transport and other commercial services increased. Trade policy uncertainty, although easing from earlier peaks as negotiations gain traction and trade deals begin to take shape, has remained well above historical norms. In fact, financial markets reflect amplified investor concerns, with gold prices near record highs and demand for safe-haven assets is strong. Emerging Opportunities: Resilient Greenfield Investments and AI Potential Although FDI inflows have moderated, falling from USD 1,157 billion in 2021 to USD 956 billion in 2024, greenfield investment remains a bright spot. Announced greenfield projects in APEC reached USD 595 billion in 2024, up 56 percent compared to the level in 2021, underscoring investor confidence in new capacity and innovation. Sustained investments in innovation and digitalization signal an ongoing shift toward productivity-enhancing sectors, which bodes well for APEC's growth trajectory. Digital technologies, particularly artificial intelligence (AI), are poised to amplify these gains. Modelling estimates suggest that, when treated as a productivity shock, AI adoption could raise GDP by 1.3 to 3.9 percent. On average, APEC economies already score above global averages on AI readiness, highlighting strong potential to capture digital dividends. Still, digital capacity remains uneven across the region, with persistent gaps in digital skills limiting broader adoption. Closing these gaps will be key to unlocking AI's full economic potential and ensuring that its benefits reach all people, across communities, sectors and economies. Policy Priorities: Strengthening Confidence, Harnessing Digital Gains With growth moderating and uncertainty still elevated, APEC economies must walk a fine line, preserving near-term macroeconomic stability while advancing structural transformation. Tackling current headwinds and fostering innovation to lay the foundation for sustained growth that benefits the entire population will require coordinated policy action across three key areas: Inclusive Structural Reform: Advance labor market reforms and scale up digital skills development to strengthen human capital and ensure that the benefits of AI-driven productivity are widely shared. Adaptive Economic Policy: Maintain flexible macroeconomic frameworks, rebuild fiscal space, and channel investment toward sectors that boost productivity to support adjustment and resilience. Coordinated Regional Cooperation: Use APEC's platform to align responses to shifting global environment, reinforce regional economic stability, and deepen integration through sustained dialogue. As APEC economies navigate persistent global uncertainty, it is important to strike a careful balance between policy responses that yield short-term gains and structural reforms that drive enduring momentum and productivity growth. Regional cooperation is indispensable in today's uncertain environment. APEC as a regional platform must continue to foster open dialogue, align policies, and coordinate responses to shared challenges. Clear direction and consistent collaboration are vital to managing risks and supporting durable, innovation-driven growth.
Techday NZ
a day ago
- Techday NZ
Certes launch quantum-safe technology to nullify stolen data
Certes has announced the availability of a quantum-safe data protection approach that aims to render stolen data useless to attackers. With cybercrime costs predicted to exceed USD $10.5 trillion by the end of 2025, the cybersecurity sector faces growing challenges, especially as quantum computing rapidly evolves. Certes has stated that its solution is designed to address this escalating threat by making intercepted data indecipherable even to powerful quantum-enabled adversaries. The company's analysis compares modern cyberattacks to advanced bank heists, where criminals focus on stealing sensitive data, especially while it is in transit. Traditional security measures, according to Certes, typically aim to keep threat actors out via perimeter defences. However, the firm's new focus is on neutralising the value of any data that is intercepted, protecting it throughout its lifecycle. "You don't stop a heist by just locking the doors; you make sure the robbers leave with nothing they can use. That's exactly what we're doing. Even if attackers gain access, the data is quantum-protected, scrambled, and completely useless to them," said Simon Pamplin, CTO at Certes. Certes reports that more than 80% of data breaches occur during the transmission of data, and 82% take advantage of weaknesses in either perimeter or internal systems. This vulnerability, combined with the increasing sophistication of cybercriminal tactics, means that conventional security postures may become obsolete as quantum computing capabilities advance. The company's patented Data Protection and Risk Mitigation (DPRM) solution is built on quantum-safe algorithms and provides end-to-end data security. This includes data in use, at rest, and in transit. Certes distinguishes its solution from existing tools by focusing on making the data itself secure, rather than relying on the strength of the surrounding network perimeter. Simon Pamplin said, "We're preparing clients for the next era of cybersecurity; one where perimeter defences won't cut it. Quantum resilience is critical, but so is the shift in mindset: it's not just about keeping data safe, but making sure that if cybercriminals ever access it, it's useless to them." Certes extends the analogy of dye packs used by banks to thwart robbers. Just as dye packs make stolen banknotes unusable, Certes aims to ensure that attackers cannot benefit from intercepted data, as it remains encrypted and undecipherable. The firm describes its approach as providing a digital equivalent of a dye pack, neutralising the value of the data even if it is physically stolen. Organisations across several sectors, including finance, healthcare, defence, and government, are currently being advised by Certes on post-quantum data strategies. These measures are intended to protect against both current and future threats as quantum capabilities become more widely available. Certes' expertise is being leveraged to help these institutions safeguard essential assets and remain compliant with evolving security regulations. The company highlights that its technology is in use by over 1,000 clients in nearly 100 countries. Certification standards such as FIPS 140-2 and Common Criteria EAL4+ are in place for its security products, according to company background materials. Certes concludes that though data breaches are becoming more common, organisations now have the means to ensure that any information stolen is effectively rendered valueless, reducing the overall impact and risk associated with inevitable breaches.
Techday NZ
2 days ago
- Techday NZ
Asia Pacific manufacturers boost focus on cybersecurity threats
Manufacturers across the Asia Pacific region are facing heightened cybersecurity risks as operational technology (OT) and information technology (IT) systems become increasingly interconnected. New findings from Rockwell Automation's 10th annual State of Smart Manufacturing Report reveal that cybersecurity has become a key concern for manufacturing businesses, second only to inflation and economic conditions. Boardroom priority Manufacturing businesses are recognising cybersecurity as a strategic issue, not just a technological challenge. The report, which collected feedback from over 1,500 manufacturing leaders in 17 countries, shows that one third of respondents hold direct IT and OT cybersecurity responsibilities. As companies further integrate OT and IT in their operations, the risk of cyberattacks grows more complex. Many are increasingly turning to artificial intelligence (AI) and machine learning (ML) to address these risks in real time. "Cybersecurity is no longer just a technology issue - it's a boardroom issue," said Stephen Ford, Vice President and Chief Information Security Officer at Rockwell Automation. "As IT and OT become more connected, the attack surface is expanding. Our latest research confirms what we're seeing firsthand: Cyber risk is now one of the top threats to manufacturing growth. You can't protect tomorrow's enterprise with yesterday's tools. AI is a critical part of the modern security stack, enabling manufacturers to detect threats in real time, maintain productivity, and stay ahead in an increasingly aggressive threat landscape." Key survey findings According to the Rockwell Automation survey, cybersecurity (30%) is now seen as one of the two most significant external risks by respondents, just after inflation and economic growth (34%). More than half (61%) of cybersecurity and IT professionals plan to adopt AI or ML-based solutions for security within the next year, 12 percentage points above the broader manufacturing sector. The report also indicates that 38% of manufacturers intend to leverage data collected from current sources to enhance protection. Additionally, 48% of cybersecurity professionals highlighted the need to secure converging IT and OT architecture within the next five years, compared to an average of 37% among all respondents. Workforce and skills needs Talent requirements are also changing as the digital environment evolves. More than half (53%) of respondents from companies with revenues of USD $30 billion or more view cybersecurity practices and standards as extremely important skills, compared with 47% of all respondents. This highlights a growing emphasis on cybersecurity capabilities in workforce development and hiring strategies. The report acknowledges ongoing challenges in talent development, workplace training, and rising labour costs, all of which continue to affect the competitiveness of manufacturing organisations in the region. As manufacturers seek to hire new talent, cybersecurity and analytical skills are expected to be critical requirements. "Cybersecurity has become a business enabler," said Ford. "It's no longer just about preventing threats, it's about empowering transformation with confidence. The most forward-thinking manufacturers are proactively leveraging advanced technologies like AI to stay ahead of evolving risks." Survey methodology The State of Smart Manufacturing Report analysed responses from 1,560 participants from a range of sectors - including consumer packaged goods, food and beverage, automotive, semiconductor, energy and life sciences. Respondents ranged from management to C-suite roles and represented companies with annual revenues from USD $100 million up to more than USD $30 billion. The findings reflect the increasing role cybersecurity plays in manufacturing and reflect industry trends towards integration of IT and OT, the growing use of AI, and prioritisation of skills development for future workforce needs.
