Should Operational Technology (OT) cybersecurity controls (like NIST) be required by law, or remain as recommendations to businesses?

Control required by law. 67%

Business recommendations. 32%


2.1k views, 1 Upvote, 5 Comments

Director of Technology Strategy in Services (non-Government), 2 - 10 employees
I have a view that the requirement by law should be descriptive, not prescriptive.

The extent should be a mandate that each business has someone accountable for Cyber Security, much like jurisdictions have for privacy officers.
CEO in Services (non-Government), Self-employed
Operational technology is a very broad space. I think we need to reclassify devices and "things" so that those that may impact human health and safety fall under a regulated cybersecurity mandate and those that have little impact are suggested but not mandated.
Chief Information Officer in Manufacturing, 10,001+ employees
The landscape is a living place that is constantly changing, and I believe there should be a body that develops cybersecurity standards that provides and supports all industries as a foundational framework. From that point it's a business decision to follow those standards to protect their interests.
CTO in Services (non-Government), 51 - 200 employees
I went with business recommendations purely because any regulation would need to take into account company size. Smaller companies just don't have the resourcing to implement comprehensive, documented security.
Director of IT in Education, 5,001 - 10,000 employees

I agree, for small businesses the regulations can cost more to implement than revenue.
