Originally published Study Warns Industry Must Prioritize Cybersecurity for Devices, Machines, and Systems in 2025 on by https://www.hstoday.us/subject-matter-areas/cybersecurity/study-warns-industry-must-prioritize-cybersecurity-for-devices-machines-and-systems-in-2025/?utm_source=rss&utm_medium=rss&utm_campaign=study-warns-industry-must-prioritize-cybersecurity-for-devices-machines-and-systems-in-2025 at Homeland Security
A new report highlights the urgent need for industries to strengthen cybersecurity measures for operational technology (OT) and Internet of Things (IoT) devices in 2025. The “OT+IoT Cybersecurity Report 2024”, published by German cybersecurity firm ONEKEY, highlights gaps in cyber resilience, particularly in software security for networked systems. The findings are based on a survey of 300 industry executives, revealing budget constraints, overreliance on contractual security measures, and insufficient preparedness for cyber incidents.
The German Federal Office for Information Security (BSI) reports that over 2,000 new software vulnerabilities emerge every month, with 15 percent classified as critical threats. Against this backdrop, Jan Wendenburg, CEO of ONEKEY, warns that German industry must improve its cyber resilience in 2025 to address evolving threats. He emphasizes that despite the increasing number of attacks on networked devices, machines, and industrial systems, the industry failed to prioritize cybersecurity in 2024, leaving critical infrastructure at risk.
Budget Constraints Undermine Cybersecurity Readiness
The study found that two-thirds of surveyed companies acknowledge the need for stronger cybersecurity measures, but many are operating with inadequate budgets. A significant 27 percent of companies are uncertain about their cybersecurity spending, while only 34 percent report having an adequate or significant budget for cyber resilience. A third of respondents admitted that their cybersecurity budgets are “limited,” raising concerns about their ability to defend against increasingly sophisticated cyber threats.
Wendenburg urged businesses to reassess and expand their cybersecurity budgets in 2025, emphasizing that financial constraints should not prevent organizations from implementing robust defense measures.
Overreliance on Legal Protections Over Technical Defenses
Despite the pressing need for proactive cybersecurity measures, the study found that 38 percent of companies rely primarily on contractual security guarantees from suppliers and IT service providers rather than technical safeguards. However, history has shown that even vendors with contractual security obligations have been involved in major cybersecurity incidents, including breaches affecting Cloudflare, CrowdStrike, and Cisco.
The study revealed that only 36 percent of companies conduct threat assessments, 23 percent perform penetration tests, 22 percent use intrusion detection systems, and 15 percent conduct vulnerability assessments. Furthermore, 19 percent employ network segmentation to prevent the spread of cyber intrusions across their infrastructure.
Lack of Incident Response Strategies Leaves Companies Vulnerable
The survey also found that a significant portion of businesses lack effective incident response strategies. Only 32 percent of organizations have structured processes in place to learn from security breaches and implement improvements, while 16 percent have no operational procedures at all to analyze, mitigate, or recover from cyberattacks.
Wendenburg stressed that predefined business processes should be an integral part of every organization’s security framework to ensure resilience before, during, and after an attack. He warned that companies unprepared for cyber incidents risk significant operational, financial, and reputational damage.
Cyber Resilience Must Be a 2025 Priority
According to the report, just over a third of companies take meaningful action to improve security following a cyber incident, conducting detailed post-attack analysis and implementing enhanced protection measures. However, an equal proportion of organizations remain largely unprepared and uncertain about how to respond to attacks on their connected devices, machines, and systems.
Wendenburg urged business leaders to make cyber resilience a top priority in 2025, stressing that organizations must move beyond passive security measures and take an active role in safeguarding critical infrastructure.
The post Study Warns Industry Must Prioritize Cybersecurity for Devices, Machines, and Systems in 2025 appeared first on HSToday.
Originally published Study Warns Industry Must Prioritize Cybersecurity for Devices, Machines, and Systems in 2025 on by https://www.hstoday.us/subject-matter-areas/cybersecurity/study-warns-industry-must-prioritize-cybersecurity-for-devices-machines-and-systems-in-2025/?utm_source=rss&utm_medium=rss&utm_campaign=study-warns-industry-must-prioritize-cybersecurity-for-devices-machines-and-systems-in-2025 at Homeland Security
Originally published Homeland Security