Business-led Internet of Things (IoT) or converged operational technology-information technology (OT-IT) projects have largely underestimated or ignored security and safety risks. Security and risk management (SRM) leaders must go beyond data security by embracing cyber-physical systems (CPS) security efforts, or they will soon be overwhelmed by new threats.

Key Findings

  • Cyberattacks that have halted physical processes at companies such as Colonial Pipeline and JBS have clearly shown that many connected assets are CPS. CPS represent an opportunity to tackle security and safety across IT, OT and IoT initiatives.
  • Deployment of CPS is tightly coupled with business initiatives driven by industry needs because many CPS deployments occur outside IT departments.
  • The growing realization that all connected assets are CPS directly challenges the traditional roles, responsibilities and authorities of SRM leaders beyond IT and data-centric security. Digital business transformation will accentuate this challenge.
  • CPS pose unique technical challenges for IT-centric security leaders.