Report Finds COVID-19 Has Little Impact on Critical Infrastructure Cybersecurity Spending
Thursday, February 11, 2021 | Comments

Security spending in critical infrastructure has been little impacted by the COVID-19 pandemic, except for some reshuffling of where the spending is most needed. This has mostly resulted in increased demand for secure remote connectivity.

Most of the cybersecurity spending announced by governments has not changed significantly. However, most governments have maintained similar funding as planned in previous years, with an average year-on-year growth rate between 5% and 10%. According a new report by global tech market advisory firm ABI Research, cybersecurity spending for critical infrastructure will increase by US$9 billion over the next year to reach US$105.99 billion in 2021.

The primary challenge of the pandemic for critical infrastructure operators has been ensuring systems and services keep running smoothly, despite an increasingly remote workforce. As such, greater emphasis has been placed on ensuring that infrastructure operations can be securely monitored and managed remotely by authorized personnel.

"There is no denying that secure connectivity has become a key focus, not least with the revelations late last year of the SolarWinds Orion hack, which has brought into sharp focus the need for better vetting of services offered by third-party contractors and remote update processes,” said Michela Menting, digital security research director at ABI Research. “The scale of the intrusion clearly illustrates how vulnerable systems can be when they have weak links and how easily threat actors can infiltrate and escalate privileges once access has been gained. The implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management.”

The brunt of security spending is still first and foremost focused on IT networks, systems and data security from a defensive perspective.

"This is where the primary threats are focused, and operators are keenly aware of the potential ramifications of a breach there,” Menting said. “However, increasing efforts are being placed on offensive security investments to better prepare response mechanisms, as well as securing operational technologies as operators in many sectors go through digital transformation and start evolving toward smart and connected IoT infrastructures.”

Progress is nonetheless slow, as many sectors are bound by regulations which can make it difficult to change quickly. In addition, new security processes require time for testing and validation before being greenlit for use, ensuring they don't compromise the integrity or proper functioning of existing processes.

While security spending is significant in defense, financial services, and information and communication technologies (ICTs), it still lags in the more industrial sectors such as energy, water and waste management, as the risks related to physical threats are significant. Some initial traction is nonetheless driving transport, public security and healthcare, all in line with digital transformation efforts in those industries and notably from smart city developments.

"By and large, security spending in critical infrastructures is wide and varied, and diverges significantly among regions due to policy and regulation but is overall embracing cybersecurity much more holistically as connectivity and digitization continue to play increasing roles in everyday operations," Menting said.

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!


March 2023

27 - 30
International Wireless Communications Expo (IWCE) 2023
Las Vegas

More Events >

Site Navigation