As new challenges brought by digital transformation intensify the urgency of securing cyber-physical systems (CPS), other obstacles have emerged. Consequential regulatory changes and shifting economic policies have undermined confidence in the global supply chain, putting CPS and critical infrastructure at even greater risk.
While this uncertainty rises, it forces business and cybersecurity leaders to rethink security strategies as they balance demands for cyber resilience and business continuity.
In Claroty’s latest report, The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape, nearly half of respondents (49%) report that supply chain uncertainty caused by shifting global economic policies and regulatory overhauls are creating increased cyber risk to CPS assets and processes. On top of that, 45% of respondents said they’re concerned about their ability to reduce risks to CPS assets in their environments, as well as an overall understanding of their risk posture.
The report recaps the results of an independent global survey of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, facilities management, and plant operations professionals.
Other key findings include:
76% of respondents said emerging regulations may require them to overhaul current security strategies
67% said they’re reconsidering the geography of their supply chain to mitigate CPS security risk and economic unpredictability
46% said they’ve been breached in the past 12 months because of an issue with third-party access
In addition to concerns regarding economic uncertainty, third-party access was a key theme of respondents’ answers, and the damage wasn’t limited to just an incident as it occurred: 54% of respondents report they’ve discovered security gaps or weaknesses in vendor contracts post-incident.
It goes without saying that overhaul of sensitive equipment and/or compliance programs would deal a major blow to daily operations for any organization. That’s not to mention the issues surrounding a complete re-evaluation of third-party access policies, which can leave additional security gaps that could be left unseen.
The report also gives recommendations on securing devices based on potential business impact if one such device was to be taken offline because of a cyberattack. Taking an asset-centric approach to security is a good first step, but it only takes the device properties into account instead of analyzing potential disruptions to the business. Our recommendations provide business and security leaders with the granular visibility they need to stay protected in the face of supply chain concerns and economic uncertainties.
The Claroty Platform can help organizations navigate this complex web of uncertainty. It can also be a huge help in reevaluating security postures, especially when it comes to secure remote access. Learn more by requesting a demo with one of our experts.
