Frost & Sullivan has found that with the convergence of physical and digital security domains, critical infrastructure organizations are increasingly required to focus their cybersecurity strategies on the two-fold task of maintaining regulatory compliance and uninterrupted operations while building up their digital resiliency strategies.
Despite an ever-increasing threat landscape and high-risk profile, critical infrastructure organizations remain far behind where they should be in terms of their cyber-maturity and digital resilience strategies, necessitating a rapid push to fortify cyber-defenses and manage their cyber-risk profiles, the San Antonio, Texas-based analyst firm said.
Enterprises can focus on their critical infrastructure by adopting technologies that will monitor, inventory, analyze and assess connected assets, networks and systems to determine any pertinent vulnerability, assess risks and enact mitigation, remediation, or quarantine policies to protect their operational networks without disrupting services.
Critical infrastructure facilities have become increasingly popular threat targets, as they are highly vulnerable to major operational disruptions and cyber incidents that can lead to real-world peril, Frost & Sullivan said.
Frost & Sullivan said in a press statement that the global critical infrastructure cybersecurity market—which is segmented into oil and gas facilities, utilities (electric and water), maritime (ports and entry points), and airports—is estimated to reach US$24.22 billion by 2030 from $21.68 billion in 2020.
Improved network topology solutions for vulnerability and risk assessment ensure that organizations can identify and discover the myriad of information technology (IT), Internet of Things (IoT), and operational technology (OT) devices that lie within an organization’s network architecture to begin building the topological model.
The four critical infrastructure sectors under analysis, including oil and gas facilities, utilities, maritime ports, and airports, are moving to update and adapt to the increasing connectivity between their traditionally disparate systems across OT and IT networks, according to Frost & Sullivan. Additionally, many of these organizations are now finding themselves the target of cyberattacks, whether targeted by an individual or group of hackers looking to profit or by malicious actors focused on disrupting/halting critical services within a community, when traditionally, these organizations were not a major target.
The nation’s critical infrastructure has in the last few months been hit by cybersecurity incidents, including the SolarWinds supply chain cyber incident, Colonial Pipeline ransomware attack, and Oldsmar water plant hack, which have intensified the need to strengthen critical infrastructure, reduce operational downtime, and protect from financial and reputational damage.
“While oil and gas facilities will continue to remain the largest segment investing in cybersecurity solutions, airports will prove to be the fastest-growing one, with a CAGR of 10.1%. Spending is expected to reach $1.87 billion by 2030,” Danielle VanZandt, industry analyst for security at Frost & Sullivan, said in the statement. “This is driven by the ongoing construction of new facilities, significant digitalization upgrades within existing airports, and the incremental updates being made to cybersecurity systems to keep up with the changing cyber-threat landscape and improve detection capabilities. “
Frost & Sullivan pointed out that out of the four critical infrastructure verticals analyzed, there remains a distinct disparity between those infrastructure markets that have been pushed to adopt more cyber-resilience strategies due to regulatory compliance requirements and early targeting of them by hackers, whereas other verticals are merely beginning to build their cybersecurity strategies and seek a digital resiliency foundation through asset discovery, network visibility, and architecture topology.
“Africa is expected to be the fastest-growing region, followed closely by Asia-Pacific. Much of the investment in both regions is from new facilities being built, renovated, or expanded that require new cybersecurity systems installed, as well as changing consumer awareness of their cybersecurity risks,” VanZandt added. “The Middle East will remain the largest market and will continue to fortify its cyber defenses and protect against prevalent cyber-threats.”