This leaves them exposed to unplanned downtime, production losses and the reputational and financial damages that can result from possible cyber breaches. This alarming trend was highlighted in a recent joint survey conducted by VDC Research and Kaspersky.
A study "Securing OT with Purpose-built Solutions" conducted by Kaspersky in collaboration with VDC Research, illuminates the shifting landscape of cybersecurity within the industrial sector. Focusing on key industries such as energy, utilities, manufacturing and transportation, this research surveyed over 250 decision-makers to unveil vital trends and challenges faced in fortifying industrial environments against cyber threats.
A strong cybersecurity strategy begins with complete visibility into an organization’s assets, allowing leaders to understand what assets need protection and assess the highest risk areas. In environments where IT and OT systems converge, this demands more than just a comprehensive asset inventory. Organizations must implement a risk assessment methodology that is aligned with their operational realities – by establishing a clear asset baseline, organizations can engage in meaningful risk assessments that address both corporate risk criteria and the potential physical and cyber consequences of vulnerabilities.
Recent survey findings reveal a concerning trend: a significant number of organizations are not engaging in regular penetration testing or vulnerability assessments. Only 27.1% of respondents perform these critical evaluations on a monthly basis, while the majority—48.4%—conduct assessments every few months. Alarmingly, 16.7% do so only once or twice a year, and 7.4% address vulnerabilities solely as needed. This inconsistent approach can leave organizations vulnerable as they navigate an increasingly complex threat landscape.
Every software platform is inherently vulnerable to bugs, insecure code, and other weaknesses that malicious actors can exploit to compromise IT environments. For industrial companies, effective patch management is therefore crucial to mitigate these risks. However, studies reveal that many organizations encounter significant challenges in this area, often struggling to allocate the necessary time to pause operations for critical updates. Disturbingly, many organizations patch their OT systems only every few months or even longer, significantly heightening their risk exposure. Specifically, 31.4% apply patches monthly, while 46.9% do so every few months, and 12.4% update only once or twice a year.
These challenges in maintaining effective patch management are exacerbated in OT environments, where limited device visibility, inconsistent vendor patch availability, specialized expertise requirements and regulatory compliance add layers of complexity to the cybersecurity landscape.
As IT and OT systems increasingly converge, there is a pressing need to harmonize these traditionally disparate systems, which have often relied on proprietary technologies rather than open standards. The challenge is further intensified by the rapid proliferation of Internet of Things (IoT) devices—ranging from cameras and smart sensors for asset tracking and health monitoring to advanced climate control systems. This explosion of connected devices broadens the attack surface for industrial organizations, underscoring the urgent need for robust cybersecurity measures.
For industrial customers, Kaspersky provides a unique ecosystem that seamlessly integrates specialized OT-grade technologies, expert knowledge and invaluable expertise. Kaspersky Industrial Cybersecurity (KICS), a native XDR platform for critical infrastructure, is the cornerstone of this OT ecosystem, that offers centralized asset inventory, risk management and audit, and enables security scalability across diverse, distributed infrastructure via a single platform. Additionally, Kaspersky recommends that industrial organizations adopt the Secure by Design ideology when deploying new OT devices or systems.
“At Kaspersky, we bring the Secure-by-Design concept to life through our Cyber Immunity approach. This means building products that are resilient by architecture — able to withstand attacks, even those exploiting unknown vulnerabilities. Unlike traditional systems, Cyber Immune products don’t rely on constant patching or external security layers. As a result, our clients benefit from stronger protection, simplified maintenance and a lower total cost of ownership — without compromising on security.” – says Dmitry Lukiyan, Head of KasperskyOS Business Unit.
With Cyber Immune products based on KasperskyOS, organizations can enhance their systems’ resilience with minimal additional cybersecurity costs, thereby reducing overall cybersecurity expenses in the long term.
To read the full report “Securing OT with Purpose-built Solutions”, please visit the website.
To learn more about industrial cyber resilience and ways to enable comprehensive protection of all the assets and processes, read out interactive guide.
About VDC Research
Founded in 1971, VDC Research provides in-depth insights to technology vendors, end users and investors across the globe. As a market research and consulting firm, VDC's coverage of AutoID, enterprise mobility, industrial automation and loT and embedded technologies is among the most advanced in the industry, helping its clients make critical decisions with confidence. Offering syndicated reports and custom consultation, its methodologies consistently provide accurate forecasts and unmatched thought leadership for deeply technical markets. Located in Southborough, Massachusetts, VDC prides itself on its close personal relationships with clients, delivering an attention to detail and a unique perspective that is second to none.
