
THE CRITICAL CONVERGENCE OF IT AND OT SECURITY IN A GLOBAL CRISIS
Weathering a Perfect Storm and Preparing for a Post-Pandemic Future

Copyright © 2020 Claroty Ltd. All rights reserved


EXECUTIVE SUMMARY
This independent, global survey of information technology (IT) and operational technology (OT) security professionals who own, operate, or otherwise support components of critical infrastructure within large enterprises, explores how their concerns, experiences, and attitudes have shifted since the COVID-19 pandemic began. Key findings include:

Overall threat level on the rise; Pharmaceutical most vulnerable sector

Respondents said the overall threat level during COVID-19 has increased. 56% have experienced more threats and 70% have seen cybercriminals using new tactics to target their organization since the pandemic began.

Respondents rated five industrial sectors as the most vulnerable to a cyberattack: pharmaceutical (14.09%), oil & gas (13.45%), electric utilities (13.45%), manufacturing (12.55%), and building management systems (12%).

IT/OT convergence accelerates, yet gaps remain

COVID-19 has accelerated the convergence of IT and OT networks. 67% say their IT and OT networks have become more interconnected since the pandemic began, and more than 75% expect they will become even more so as a result.

However, disparities between IT and OT remain. 66% find collaboration between IT and OT teams more challenging during the pandemic, while 62% believe their organization’s IT and OT networks are not equally secure.

Ability to adapt enhanced by secure remote access, cybersecurity response plans

Fortunately, 68% reported a seamless shift to remote work. A contributing factor may be that 80% already had a secure remote access solution (aside from a VPN, which is not secure enough for OT) in place prior to the pandemic.

However, there are commonalities among the share of respondents who did not experience a seamless transition (25%): the lack of a pre-existing secure remote access solution aside from a VPN (20%), and the lack of a pre-existing cybersecurity plan to manage a disruptive scenario such as COVID-19 (25%). This suggests both factors are essential for organizations to adapt quickly and safely.

Organizations building resilience with cybersecurity leaders, technology at the helm

Organizations have learned from the experience and are prioritizing cybersecurity. 86% are confident their organization is prepared, from a security standpoint, for another major disruption in the future. 88% said their crisis-response plan has been updated to reflect a more dispersed workforce.

CISOs and cybersecurity executives are leading the way in building resiliency and enabling newly distributed teams. 83% report their head of cybersecurity has provided new training or encouraged the development of new skills related to working in a more dispersed organization.

The role of technology is paramount. By far, organizations’ top cybersecurity priority during the pandemic has been implementing new technology solutions (54%).



INTRODUCTION
Since the World Health Organization characterized COVID-19 as a global pandemic in March 2020, digital transformation has accelerated dramatically, driving a surge in the convergence of information technology (IT) and operational technology (OT) networks. More employees began working remotely and companies were forced to move extremely fast on everything from online collaboration tools to secure remote access. This has created a perfect storm situation: Legacy OT devices – never designed for Internet connectivity – are now connected, the attack surface has expanded, and opportunistic adversaries are stepping up attacks. It’s become extremely clear that security is a foundational component of digital transformation. To reduce exposure, IT and OT teams must collaborate to create a new normal and prepare for a post-pandemic future.

Even though less than a year has passed since we conducted our last survey, the world has changed significantly. So, we decided it was time to update our report released in March, “The Global State of Industrial Cybersecurity.” This time around, we surveyed both IT and OT security professionals at large enterprises who own, operate, or otherwise support components of critical infrastructure, with a focus on how their concerns, experiences, and attitudes have shifted since the pandemic began.

Questions centered on:

Overall threat level during the COVID-19 pandemic
The convergence of IT and OT networks
How respondents have adapted to the disruption
Building resilience and moving forward

While we asked many new questions in this latest survey, one question we started with again was:

Q1. What do you think has the potential to inflict more damage (during the COVID-19 pandemic) – a cyberattack on critical infrastructure or an enterprise data breach?

A cyberattack on critical infrastructure: 68.82% GLOBAL 2020, 75.50% GLOBAL 2019
An enterprise data breach: 31.18% GLOBAL 2020, 24.50% GLOBAL 2019

A majority of respondents are still more concerned about cyberattacks on critical infrastructure versus an enterprise data breach. While survey results point to an increased focus on OT security and preparedness as IT and OT networks become more interconnected during the COVID-19 pandemic, they also reveal an increase in targeted attacks and challenges in collaboration between IT and OT teams as organizations shift to working remotely. In this report we explore this perfect storm situation and strategies to weather it.

METHODOLOGY
Claroty contracted with Pollfish to conduct a survey of IT and OT security professionals in countries including the United States, the United Kingdom, France, Belgium, Germany, Austria, Switzerland, Australia, New Zealand, and Singapore. Only individuals who work full time in cybersecurity or information security completed the survey, for a total of 1,100 respondents. The survey was completed in August 2020.



KEY FINDINGS

I. Overall threat level during the COVID-19 pandemic

Not surprisingly, respondents believe that the overall threat level during the COVID-19 pandemic has increased.

Q2. Is your organization more or less of a target for cybercriminals since the COVID-19 pandemic began?

More of a target: 55.00% GLOBAL, 51.40% U.S.
Less of a target: 20.45% GLOBAL, 23.60% U.S.
There hasn’t been a change: 24.55% GLOBAL, 25.00% U.S.

Further substantiating this finding, organizations also report they have experienced more cyber threats since the pandemic began, with new tactics being used.

Q3. Has your organization experienced more cybersecurity threats, compared to the months before the COVID-19 pandemic began?

Yes, we’ve seen more threats: 56.36% GLOBAL, 52.80% U.S.
No, we’ve seen fewer threats: 17.55% GLOBAL, 18.80% U.S.
We’ve seen the same level of threats: 26.09% GLOBAL, 28.40% U.S.

Q4. Have you seen cybercriminals carrying out new tactics to target your organization since the start of the COVID-19 pandemic?

Yes, we’ve seen new tactics: 69.82% GLOBAL, 67.00% U.S.
No, we have not seen new tactics: 30.18% GLOBAL, 33.00% U.S.

Notably, when compared to other regions, threat levels for Australia and New Zealand (ANZ) and Germany, Austria, and Switzerland (the DACH region) appear to be much higher. A greater percentage of respondents from the two regions report being more targeted (68% and 64% respectively), experiencing more threats (70% and 75%), and seeing new tactics (74% and 80%) since the pandemic started.

Finally, in terms of the threat landscape, survey results show that the old adage “attackers don’t discriminate” continues to hold true.



Q5. Which sector has been the most vulnerable to a cyberattack since the start of the COVID-19 pandemic?

Pharmaceutical: 14.09% GLOBAL, 12.40% U.S.
Oil & gas: 13.45% GLOBAL, 8.80% U.S.
Electric utilities: 13.45% GLOBAL, 12.60% U.S.
Manufacturing: 12.55% GLOBAL, 15.40% U.S.
Building management systems: 12.00% GLOBAL, 12.80% U.S.
Consumer goods: 10.73% GLOBAL, 12.00% U.S.
Food and beverage: 8.82% GLOBAL, 10.00% U.S.
Air transportation: 8.64% GLOBAL, 8.80% U.S.
Rail transportation: 3.18% GLOBAL, 4.00% U.S.
Water: 1.91% GLOBAL, 1.80% U.S.
Other: 1.18% GLOBAL, 1.40% U.S.

On a global basis, five industrial sectors are quite close together at the top of the list – pharmaceutical, oil & gas, electric utilities, manufacturing, and building management systems. With no consensus regarding which industrial sector has been the most vulnerable since the start of the pandemic, this could indicate that they are all equally at elevated risk. This assertion is supported by the July 23, 2020 alert issued by the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), which includes broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors, and lengthy, detailed sets of recommendations for how to protect OT environments.

Most regions followed similar patterns, identifying three to five industries clustered closely toward the top of the list. The exceptions are the DACH region, where oil & gas clearly holds the top spot at 36%, and Singapore, where pharmaceutical is at 22%. Both results likely reflect industry sectors of particularly elevated interest in those regions; the much publicized Nord Stream II pipeline from Russia to Germany is nearing completion and eight of the world’s top 10 pharmaceutical companies have facilities in Singapore.



Q6. Has your job become more or less challenging during the COVID-19 pandemic?

More challenging: 72.27% GLOBAL, 68.80% U.S.
Less challenging: 11.00% GLOBAL, 11.60% U.S.
No change: 16.73% GLOBAL, 19.60% U.S.

Given the threat levels and observations during the pandemic, it is not too surprising that a large majority of IT and OT security professionals report their jobs have become more challenging, with even more respondents from ANZ (85%) and the DACH region (80%) finding their jobs more challenging during this period.

II. The convergence of IT and OT networks

While IT and OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats – both targeted and non-targeted – now have the freedom to move from IT to OT environments. The potential risk is high, as nearly every respondent reports their IT and OT networks are interconnected at least partially.

Q7. To what degree are your IT and OT networks interconnected?

Completely: 51.27% GLOBAL, 48.20% U.S.
Partially: 46.18% GLOBAL, 49.60% U.S.
Not at all/siloed: 2.55% GLOBAL, 2.20% U.S.

Of note, a particularly large concentration of respondents from ANZ (64%) and the DACH region (66%) report complete connectivity.

COVID-19 has clearly had an impact on IT/OT convergence, as a majority say that their IT and OT networks have become more interconnected since the pandemic began and more than 75% expect they will become even more interconnected as a result of the pandemic. Clearly this indicates the need to remain ever vigilant to the increased risk of threats to OT networks and secure them.

Q8. Have your IT and OT networks become more interconnected since the COVID-19 pandemic began?

Yes, more connected: 67.36% GLOBAL, 65.00% U.S.
No, less connected: 10.00% GLOBAL, 11.40% U.S.
No change: 22.64% GLOBAL, 23.60% U.S.



Q9. Looking ahead, do you feel that your IT and OT networks will become more interconnected as a result of the COVID-19 pandemic?

Yes, more connected: 77.09% GLOBAL, 72.60% U.S.
No, less connected: 8.55% GLOBAL, 11.00% U.S.
No change: 14.36% GLOBAL, 16.40% U.S.

The impact of COVID-19 on interconnectedness is even higher in ANZ (80%), the DACH region (79%) and Singapore (71%), and expected to grow to 91% in ANZ, 85% in the DACH region, and 82% in Singapore.

Finally, as IT/OT convergence accelerates, collaboration between IT and OT teams is critical to bridge the IT/OT security gap, yet a majority of respondents are finding collaboration more challenging right now.

Q10. Have the IT and OT teams within your organization found it more or less challenging to collaborate during the COVID-19 pandemic?

More challenging: 65.55% GLOBAL, 62.80% U.S.
Less challenging: 13.73% GLOBAL, 14.60% U.S.
No change: 20.73% GLOBAL, 22.60% U.S.

Q11. How would you compare the security of your organization’s IT and OT networks?

IT networks more secure than OT: 47.18% GLOBAL, 44.80% U.S.
OT networks more secure than IT: 14.91% GLOBAL, 14.20% U.S.
IT and OT networks equally secure: 37.91% GLOBAL, 41.00% U.S.

It is worth highlighting that more than 78% of respondents in ANZ and the DACH region are finding collaboration more challenging. This is especially problematic given that more respondents from ANZ (60%) and the DACH region (62%) report an IT/OT security gap in their organizations. Such disparity points to even greater need for IT/OT collaboration in these regions.

III. Adapting to disruption

Within days of COVID-19 being labeled a global pandemic, organizations began to shift to a remote workforce. The study reveals that for the majority of organizations the shift was seamless, but roughly a quarter experienced some sort of difficulties. This can be attributed partially to the lack of a secure remote access solution (aside from a VPN) at the start of the pandemic, as well as a lack of a plan to manage such a scenario.



Q12. Did your organization seamlessly shift to remote work?

Yes, the transition was seamless: 67.91% GLOBAL, 66.60% U.S.
No, the transition was not seamless: 25.45% GLOBAL, 26.00% U.S.
My organization didn’t experience a shift to remote work: 6.64% GLOBAL, 7.40% U.S.

Q13. Aside from VPN, did your organization have a solution in place before the COVID-19 pandemic began that allowed employees to securely work from a remote location?

Yes, we already had a solution in place: 80.09% GLOBAL, 77.20% U.S.
No, we did not have a solution in place: 19.91% GLOBAL, 22.80% U.S.

Q14. Did your Chief Information Security Officer (CISO) or top cybersecurity executive have a pre-existing plan in place to manage a scenario like the one we’ve experienced with the COVID-19 pandemic?

Yes, there was a plan: 67.00% GLOBAL, 66.20% U.S.
No, there was no plan: 24.09% GLOBAL, 25.40% U.S.
I’m not sure: 8.91% GLOBAL, 8.40% U.S.

No one could have predicted the global and long-term disruption of the pandemic on nearly every aspect of life. But a greater share of respondents from France (48%) and the U.K. (39%) report there was no pre-existing plan in place, or they were not aware of one. The good news is that organizations have learned from the experience – respondents overwhelmingly report that they have updated their plans and will be ready for a similar event in the future.

Q15. Do you believe that your organization is prepared, from a cybersecurity standpoint, for the possibility of another major disruption?

Yes, we are prepared: 86.45% GLOBAL, 84.40% U.S.
No, we are not prepared: 13.55% GLOBAL, 15.60% U.S.



Notably, respondents from ANZ and the DACH region share an even higher level of confidence in their ability to handle a similar disruption in the future – at 94%. This likely corresponds to the fact that both regions reported higher levels of preparedness from the start. However, even in France and the U.K., where fewer respondents report having a plan from the beginning, 83% of respondents from each region now say they are prepared for another major disruption. Many organizations are using this period as an opportunity to emerge stronger – a silver lining amidst the pandemic, for which we see additional evidence in the next section.

IV. Building resilience

CISOs and their teams have been in the spotlight since the COVID-19 pandemic, and their work has never been more important. The majority of respondents around the globe laud their organization’s cybersecurity leadership and feel they are prioritizing the right things. From encouraging training and skills development to prioritizing the implementation of new technologies and updating crisis response plans, cybersecurity leaders are helping their companies to build resilience as changes, such as a more dispersed workforce, will remain for the foreseeable future.

Q16. How would you grade your CISO or top cybersecurity executive’s leadership throughout the COVID-19 pandemic?

Good leadership: 61.55% GLOBAL, 60.40% U.S.
Average leadership: 35.00% GLOBAL, 34.60% U.S.
Below-average leadership: 3.45% GLOBAL, 5.00% U.S.

Digging deeper, more respondents from ANZ (74%) and the DACH region (73%) gave their CISOs good marks for leadership than any other region. Also demonstrating strong support for CISOs, in the UK only 2.5% of respondents said they felt there had been below-average leadership during the pandemic. ANZ was the only region where not a single respondent gave a “below average” score.

Based on the answers to the next four questions, CISOs and organizations are prioritizing security and preparedness.

Q17. Has your organization updated its cybersecurity crisis response plan to reflect a more dispersed workforce?

Yes, we’ve updated our crisis response plan: 88.36% GLOBAL, 88.80% U.S.
No, we have not updated our crisis response plan: 11.64% GLOBAL, 11.20% U.S.

Q18. Has your organization’s leadership made cybersecurity enough of a priority during the COVID-19 pandemic?

Yes, it has: 85.91% GLOBAL, 86.40% U.S.
No, it has not: 14.09% GLOBAL, 13.60% U.S.



It is interesting to note that at opposite ends of the spectrum, only 5% of respondents from ANZ say their leadership has not made cybersecurity enough of a priority, whereas 20% of respondents from the U.K. said their leadership has not. While respondents in the U.K. gave their CISOs high marks, as noted in Q16, they still feel their organizations can do more. This is reflected in their responses to Q14 where 39% said there was no pre-existing plan in place or they were not aware of one, and to Q19, where 22% would like more training and skills development.

Q19. Has your CISO or top cybersecurity executive provided new trainings or encouraged the development of new skills related to working in a more dispersed organization?

Yes, they have: 83.45% GLOBAL, 83.80% U.S.
No, they have not: 16.55% GLOBAL, 16.20% U.S.

Q20. What has been your organization’s leadership’s highest cybersecurity priority during the COVID-19 pandemic?

Implementing new technology solutions: 53.97% GLOBAL, 55.09% U.S.
Created or updated its crisis response plan: 26.56% GLOBAL, 26.62% U.S.
Hiring more staff: 10.37% GLOBAL, 8.56% U.S.
Increasing team budget: 8.68% GLOBAL, 9.03% U.S.
Other: 0.42% GLOBAL, 0.69% U.S.

RECOMMENDATIONS FOR EMERGING STRONGER
As companies embrace distributed models and the convergence of IT and OT networks to maintain productivity and drive competitive advantage, OT security becomes foundational to success. But a combination of legacy devices connected to the internet, many more attack vectors, and opportunistic adversaries creates a perfect storm situation. The following recommendations can help CISOs securely accelerate IT/OT convergence to propel their organizations forward now and after the crisis fades.

1. Focus on OT security to enable business
The more important OT networks are to a business, the more essential effective OT security is to the success of operations. Revenue is generated and customers’ lives are improved when those systems are up and running. But there is a 25+ year gap between IT security and OT security, and attempts to close that gap can be hampered by trying to apply trusted IT security best practices and technologies – many of which introduce unnecessary complexity and are ineffective or even downright harmful – in OT environments. Because most OT networks lack suitable security controls, security leaders should use the opportunity to focus on what can be executed immediately to reduce risk the most. Start by prioritizing the most important use cases and gaining full visibility into the OT environment. Granular details of all assets, sessions, processes, and corresponding risk levels help to identify threats in the network to mitigate risk and assure operational continuity and process integrity.



2. Understand the threats
Among an extensive list of specific recommendations in the aforementioned NSA and CISA alert is the deployment of threat monitoring technology. One of the biggest challenges in securing OT environments is zero telemetry and thus no visibility into OT networks. However, these networks communicate and share much more information than is typically available from IT components – the software version they are running, firmware, serial numbers, and more. OT network traffic can typically provide all the security information required to monitor for threats, so consider an asset visibility and continuous threat monitoring solution that can be implemented quickly and integrated into IT systems and workflows to increase preparedness and mitigate risk.

3. Improve collaboration
World circumstances have exposed security gaps and pushed IT and OT teams to work together to drive resolution, but good intentions only go so far. One of the longstanding barriers is that IT and OT teams have different – and in many cases, competing – priorities. Specifically, IT teams typically prioritize the CIA triad, which encompasses the three principles of confidentiality, integrity, and availability in the context of data or information and corresponding IT systems. OT teams, meanwhile, typically prioritize the principles of availability, reliability, and safety in the context of physical processes and corresponding OT systems. Yet both teams share the same desired outcome: risk reduction.

Another area that presents a challenge is the different way in which organizations and adversaries view IT and OT networks. Organizations often think of them as separate networks; but to adversaries, a network is a network, so attacks are intertwined. Solutions that enable IT and OT teams to look at OT environments together and start to identify deviations from established behavioral baselines, unauthorized connections, and the presence of adversary techniques bring the full power of the organization’s resources to bear on risk mitigation. Working together toward a common goal while respecting differences enables collaboration to become concrete – not just philosophical – and organizations to become more resilient, faster.

4. Build coalitions
Don’t slow down the rapid progress made during the last few months. There is no better time than now for cybersecurity leaders to garner support from the rest of the executive team for the work the security teams are doing. Many board members have been very hands-on and involved at an operational level. They have seen how being prepared and having the right technologies and processes in place are essential to enabling IT/OT convergence and creating a more resilient business, so CISOs and other security leaders should be in a strong position to garner their support. As security teams reassess what risk looks like now and develop plans for how to focus on resiliency within the new structure in place, strong coalitions are essential to moving forward quickly.

CONCLUSION
We are living in a completely different world since March 2020 – a world that continues to evolve and will never return to its previous state. On the plus side, as organizations pivoted to a more remote workforce and IT and OT networks converged, they increased their focus on OT security and those that didn’t have a plan to deal with a similar crisis have quickly put one in place. Still, IT and OT security professionals report challenges collaborating as they face higher threat levels. Fortunately, by leveraging this time to focus on OT security, understand the threats, improve collaboration, and build coalitions, organizations can accelerate IT/OT convergence with greater confidence and unlock new business value.
