Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.

Key Findings

  • Cyberattacks that have halted physical processes at companies such as Colonial Pipeline and JBS have clearly shown that many connected assets are cyber-physical systems (CPS). CPS represent an opportunity to tackle security and safety across information technology (IT), operational technology (OT) and Internet of Things (IoT) initiatives.
  • Deployment of CPS is tightly coupled with business initiatives driven by industry needs, as many CPS deployments occur outside IT departments.
  • The growing realization that all connected assets are CPS directly challenges the traditional roles, responsibilities, and authorities of security and risk management (SRM) leaders beyond IT and data-centric security. Digital business transformation will accentuate this challenge.
  • CPS pose unique technical challenges for IT-centric security leaders.