PUBLISHER: Westlands Advisory Ltd | PRODUCT CODE: 1568196
PUBLISHER: Westlands Advisory Ltd | PRODUCT CODE: 1568196
Industrials OT Cybersecurity Industry Analysis 2024-2030
Overview
OT cybersecurity expenditure has increased significantly in recent years reaching an estimated $8.4B in 2023. The United States is the largest market and will remain so over the forecast period.
Increased cybersecurity investment is strongly correlated with the ongoing digital transformation of manufacturing industries and the increasing attack surface. The growing number of cyber incidents impacting industrial operations, current geopolitics, and the large number of vulnerabilities, has encouraged asset owners to invest in asset protection and monitoring. Trends are expected to strengthen to 2031 leading to additional cybersecurity investment though the rate of increase is likely to lag behind digital transformation and the number of cyber incidents.
The largest area of expenditure is on accelerating OT cybersecurity programs in critical industries and large multinational businesses. Growing data processing at the edge, and use of cloud services, will continue to demand the attention of the CISO. In the longer-term OT and IIoT will slowly become indistinguishable as security leaders focus on resilience of operations irrespective of on-prem, edge or cloud operations.
However, beyond critical industries and large multinationals, a significant challenge remains regarding the cybersecurity maturity of the large base of SME/Bs which comprise a large percentage of the global industrial base. Increasingly these organisations will be required to comply with regulations and local laws whilst having neither the resources or talent required to manage OT cybersecurity programs.
The largest area of expenditure remains network protection and segmentation. This has resulted in significant growth for NGFW vendors and corresponding investments in new products developed for OT environments. Expenditure on OT network threat detection and vulnerability management has grown rapidly over the period from 2016-2023 but is now beginning to mature. Vendors are shifting to a platform approach, offering customers solutions to multiple use-cases. Managed Security Services is a high growth requirement and addresses the customer need for Level 2 and 3 SOC analysts.
By 2031 leading manufacturers will be asset focussed, automated, and built on zero trust principles. This will become standardised in greenfield plants whilst brownfield operations will slowly migrate towards these models as OT cybersecurity concepts mature, budgets become available, and maintenance windows allow upgrades.
Industrial OT Cybersecurity Definitions
The Purdue Model, developed in the 1980's, is still widely used as a standardised approach to organising and segmenting industrial network systems to improve security, reliability and manageability and is used throughout the analysis to describe OT cybersecurity use cases.
- Level 0 – Physical Process. Physical data acquisition and process control, such as temperature sensors, pressure gauges, and control valves.
- Level 1 – Controller LAN. Includes the hardware and software directly responsible for the control of the processes (PLCs and RTUs). This is principally the real-time control and monitoring of physical processes, execution of control logic, and data acquisition from Level 0 devices.
- Level 2 – Local HMI LAN. Supervisory control and data acquisition systems that oversee and coordinate Level 1 devices, real-time monitoring, data logging, and basic alarming functions. This is where operators interact with the system to manage and supervise processes.
- Level 3 – Control Centre or Operations Management which includes Manufacturing Execution Systems (MES), batch-control and production scheduling, ensuring that production processes align with enterprise goals.
- Level 3.5 – Plant DMZ is an additional layer that was not part of the original model and is used to describe the security controls between the IT (Enterprise) and OT levels. Typical components includes firewalls and enforce security policy between IT and OT and to monitor and control incoming traffic, IDS/IPS, proxy servers that act as an intermediary for requests from clients seeking resources from other servers, data diodes to only allow traffic out, and remote access servers
The cybersecurity threat to OT, beyond user error, is primarily from unauthorised access to systems due to poorly managed credentials, malware passing through the DMZ or inserted via USB ports. The risk to the business is the sum or several factors – the threat, the vulnerabilities, and the criticality of the asset.
Table of Contents
Executive Summary
- Executive Summary (1)
- Executive Summary (2)
Cybersecurity Investment Drivers
- Summary of Investment Drivers
- Economics Summary
- Digital Transformation Summary
- Regulatory Summary
- Summary of Major Regulatory Developments
- Attack Surface
- Threats
- Perceptions of Risk
- Trends and economic indicators (2008-2023)
- Trends and economic indicators (2024-2031)
Industrial OT Architectures and Cybersecurity Controls
- Reference Architecture
- Purdue Model
- OT System Risk
- Technical & Administrative Cybersecurity Controls
- Administrative Controls
- OT Cybersecurity Reference Architecture
- Industrial Control System Security Controls
IIoT Cybersecurity
- Summary
- Trends and Market Expenditure Forecast
- IIoT Security Reference Architecture
- Ecosystem
OT Cybersecurity Industry Maturity
- Summary
- People and Process
- Leadership
- People & Culture Maturity
- Process Maturity
- Technology Maturity
- Industrial OT Cybersecurity Maturity
- Industry mix by Micro, Small, Medium and Large Business
- Maturity by industry
Technology Lifecycle & Use Cases
- Summary
- Network Protection Trends
- OT Network Protection
- OT Network Protection Contd.
- Industrial Networking
- Discovery & Threat Detection Trends
- Discovery & Threat Detection Solutions
- Discovery & Threat Detection Solutions Contd.
- Asset Vulnerability & Risk Management Trends
- Asset Vulnerability & Risk Management Solutions
- Endpoint Protection Trends
- Endpoint Protection Solutions
- Secure Remote Access Management Trends
- Secure Remote Access Management Solutions
- Security Operations Trends
- Security Operations Solutions
- Other Technology Solutions
- Advanced Threat Prevention & Protection
- Professional Security Services Definition
- Professional Security Services Trends
- Managed Security Services Definition
- Managed Security Services Trends
- Technology Maturity Lifecycle
- Technology Market Size and Forecast
Ecosystem
- Summary
- Technology Vendors
- Service Vendors
Market Expenditure & Outlook
- North America Market Forecast by Industry Segment 2023-2031
- North America Expenditure 2023 and CAGR by Industry Segment
- North America Market Forecast by Country 2023-2031
- APAC Market Forecast by Industry Segment 2023-2031
- APAC Expenditure 2023 and CAGR by Industry Segment
- APAC Market Forecast by Country 2023-2031
- Europe Market Forecast by Industry Segment 2023-2031
- Europe Expenditure 2023 and CAGR by Industry Segment
- Europe Market Forecast by Country 2023-2031
- Middle East Market Forecast by Industry Segment 2023-2031
- Middle East Expenditure 2023 and CAGR by Industry Segment
- Middle East Market Forecast by Country 2023-2031
- Africa Market Forecast by Industry Segment 2023-2031
- Africa Expenditure 2023 and CAGR by Industry Segment
- Africa Market Forecast by Country 2023-2031
- Latin America Market Forecast by Industry Segment 2023-2031
- Latin America Expenditure 2023 and CAGR by Industry Segment
- Latin America Market Forecast by Country 2023-2031
- Central Asia Market Forecast by Industry Segment 2023-2031
- Central Asia Expenditure 2023 and CAGR by Industry Segment
- Central Asia Market Forecast by Country 2023-2031
Vertical Market Trends
- Food & Beverage Trends & Market Forecasts by Region 2023-2031
- Automotive Trends & Market Forecasts by Region 2023-2031
- Pharmaceutical Trends & Market Forecasts by Region 2023-2031
- Manufacturing Trends
- Textile & Leather Market Forecasts by Region 2023-2031
- Wood Product Market Forecasts by Region 2023-2031
- Paper Product Market Forecasts by Region 2023-2031
- Rubber & Plastics Market Forecasts by Region 2023-2031
- Other Non-Metallic Market Forecasts by Region 2023-2031
- Machinery Market Forecasts by Region 2023-2031
- Electrical Manufacturing Market Forecasts by Region 2023-2031
- Other Transport Market Forecasts by Region 2023-2031
- Other Discrete Market Forecasts by Region 2023-2031
- Computing & Electronics Trends & Market Forecasts by Region 2023-2031
- Semiconductor Manufacturing Market Forecasts by Region 2023-2031
- Rail Trends Market Forecasts by Region 2023-2031
- Ports & Maritime Trends & Market Forecasts by Region 2023-2031
- Air Transportation Market Forecasts by Region 2023-2031
- Power Generation Trends & Market Forecasts by Region 2023-2031
- Transmission & Distribution Trends & Market Forecasts by Region 2023-2031
- Water Utilities Trends & Market Forecasts by Region 2023-2031
- Oil & Gas Trends & Market Forecasts by Region 2023-2031
- Refineries Market Forecasts by Region 2023-2031
- Chemical Trends & Market Forecasts by Region 2023-2031
- Mining Trends & Market Forecasts by Region 2023-2031
- Basic Metals Trends & Market Forecasts by Region 2023-2031
- Fabricated Metals Market Forecasts by Region 2023-2031
