Cybersecurity in Spain has evolved significantly compared to other European countries. From the Industrial Cybersecurity Center in the last 10 years, we have carried out more than a dozen studies on the state of cybersecurity, in our case, aimed at industrial organizations. Studies that help to understand in depth the current scenario as well as its most pressing opportunities and gaps. The conclusions are really interesting and provide crucial information to continue evolving.
The state of cybersecurity in Spain at the end of 2023
More and more industrial organizations have a cybersecurity manager specialized in their field on their teams. This piece is the main indicator of evolution and the most important step to begin to establish cybersecurity in any business as well as in the business framework. To this we must add the growing ecosystem of cybersecurity providers that offer high-value services and solutions to manage cybersecurity risks in industrial automation and digitalization, as shown in our industrial cybersecurity catalog.
Along these lines, we have also detected, especially during the development of the year 2023, four major difficulties in the path of cybersecurity in Spain:
The shortage of roles and professionals:
Currently, there is a significant gap and shortage of professionals with adequate knowledge in cybersecurity specific to OT environments. The average to find a professional with the necessary profile in industrial cybersecurity is more than 6 months. Which greatly slows down the agility of processes as well as the implementation of solutions in companies.
* In our industrial cybersecurity catalog you can consult job offers in the field of industrial cybersecurity updated in real time.
The heterogeneity of technologies:
The lack of homogeneity of the different industrial facilities of the company itself makes the application of cybersecurity standards very difficult. Added to this is that industrial digitalization requires new suppliers and more communications, which generates a “dangerous” increase in exposure channels if they are not protected.
An “unsecured” supply chain
The supply chain is made up of raw material suppliers that have a low level of cybersecurity maturity and service providers around industrial technologies, such as integrators, engineering and maintenance companies that also lack an adequate level of cybersecurity maturity. At CCI, in 2023 we created and published the document Cybersecurity in the supply chain of industrial digitalization, which reveals the fundamental keys to increasing the level of protection of these companies.
The strong cybersecurity regulations and regulations “in process”
Currently, a strong and solid cybersecurity regulation is in process that will represent a great challenge for technology providers, engineers, industrial integrators as well as for the industrial organizations themselves. A regulation that begins with increasing the costs of industrial technology products. With this regulation, cybersecurity becomes so important that it must be implemented, mandatory, by design.
The heartbeat of the cybersecurity environment in Spain in 2023: real data
Likewise, along these lines, in 2023 we launched a survey from the Industrial Cybersecurity Center aimed at a large part of our ecosystem that clearly shows what the cybersecurity priorities of our members are. A job that provided us with important information to continue developing content and training aligned to the real scenario
Cybersecurity analysis results – 2023
In terms of cybersecurity maturity, 34% of the representatives surveyed do not have a cybersecurity manager defined for OT environments and would be interested in evaluating risks and applying basic measures.
46% have a cybersecurity manager in industrial environments and have already carried out a diagnosis; Their priority is to implement a cybersecurity management system or expand the scope of the existing one.
Only 20% have a cybersecurity management system and are advancing in an industrial SOC.
These results show that only 2 out of 10 organizations have a good level of cybersecurity maturity. The good news is that almost half already have a cybersecurity manager in industrial environments.
Regarding knowledge and training in cybersecurity, the needs are mainly in the cybersecurity of networks and systems (24%), secure design (20%), cybersecurity management (16%). These needs reveal that progress is being made in risk protection and management, but there is also increasing concern about including cybersecurity in new industrial projects.
In the area of interest on the part of the sectors with the greatest concern in cybersecurity would be the critical infrastructure operators, highlighting the electrical, chemical, water and transportation sectors. These sectors would be followed by food, pharma and hospital engineering.
In conclusion, the analysis carried out in 2023 on the state of cybersecurity in Spain reveals a complex and constantly evolving reality in the field of cybersecurity, in our case in the industrial environment. Not only does it show what the current priorities are in industrial cybersecurity, but it also marks the route towards where future efforts should be directed. Collaboration, continuous training and adaptation to new regulations and technologies are key to strengthening resilience in the field of cybersecurity.
The Industrial Cybersecurity Center – CCI, as the central axis in this effort, has the challenge of guiding and supporting its members on the path of industrial cybersecurity. Help us with your experience to improve cybersecurity in Spain. Join our cybersecurity ecosystem with more than 7,000 members!
– – – – – – – – – – – – –
Author:
José Valiente
CCI Director