Implementing new technology solutions and training personnel are the top cybersecurity priorities of enterprises worldwide, according to a 2021 survey released Feb. 4 by Claroty, an industrial cybersecurity firm.

Nearly 90% of enterprises are looking to hire, with 40% saying the need was “urgent.” A little over half of respondents (54%), however, said it is hard to find candidates who are qualified when it comes to operational technology (OT) security. OT is the use of hardware and software to monitor and control physical processes, devices, and infrastructure.

Critical infrastructure security is at a pivotal juncture, considering the proliferation of cyberthreats, according to Claroty Chief Executive Officer Yaniv Vardi.

“There’s also a growing collective interest and desire in protecting our most essential systems,” he said in a statement. “Security leaders looking to take their programs to the next level must account for all cyber-physical systems in their risk governance practices, segmenting their information technology (IT) and OT networks and assets, extending their general IT cybersecurity practices to their OT devices, and consistently monitoring for threats across all networks.”

Since the start of the pandemic, 90% of global respondents have seen an acceleration in the digital transformation of their companies. Upwards of 80% also reported an increase in both their IT and OT security budgets.

Ransomware, a type of malware that holds a victim’s information for ransom, is a pervasive cyberthreat across industries. The sectors hardest hit by these attacks, per Claroty, were IT hardware; oil and gas; water and waste; and automotive (90%).

Worldwide, the estimated cost of cybercrime is $8 trillion — higher than the Gross Domestic Product of all but 20 countries.

The 2021 survey found that the payout was significant for bad actors operating ransomware. Of the 80% in the survey who experienced such an attack, more than 60% paid a ransom.

In the Asia Pacific (APAC), 71% paid ransom fees ranging from $100,000 to $1,000,000. Moreover, although cybersecurity became a higher priority as a result of an attack for 52% of them, only 45% supported a legal requirement to report ransom fees.

The estimated revenue loss per hour of downtime drove the decision to pay the ransom, Claroty found. For this reason, 69% of the respondents said it should be legal to pay ransoms.

“To change the financial calculus, what’s required is a system of incentives and disincentives that favor better controls and risk governance up front,” the report said. “As long as the financial model continues to favor paying the ransom, these threats will continue.”

Claroty completed the survey in September 2021 with 1,100 full-time IT and OT security professionals in the United States, Europe, and APAC. Industries such as oil and gas, consumer products, electric energy, agriculture, and transportation were represented. Over half (55%) belonged to organizations with at least $1 billion in revenue. — Patricia B. Mirasol