A recent report highlights important cybersecurity vulnerabilities within industrial sectors, especially concerning networked devices, machines, and systems. The “OT+IoT Cybersecurity Report 2024” reveals that a substantial portion of companies are ill-prepared to effectively respond to cyber attacks, underscoring the urgent need for enhanced cyber resilience.

The Escalating Threat Landscape

The cybersecurity landscape is constantly evolving, with the Federal Office for Information Technology (BSI) identifying over 2,000 new software vulnerabilities each month, approximately 15% of which are deemed critical. This persistent threat necessitates a proactive approach to cybersecurity, especially within German industry. Cybersecurity is a shared obligation [[2]], and we each have a part to play [[2]].

In view of this permanent threat situation, German industry should further strengthen its cyber resilience in 2025.

Jan Wendenburg, CEO of Onekey

OT/IoT Security Neglect: A Call for Action

The “OT+IoT Cybersecurity Report 2024” indicates a concerning trend: industry’s neglect of software security in networked devices, machines, and systems. This oversight presents a significant challenge, requiring substantial improvements in 2025 to bridge the gap in cyber defenses. The report, based on a survey of 300 industry managers, emphasizes the critical need to address vulnerabilities in operational technology (OT) and Internet of Things (IoT) devices.

Budgetary Concerns and Cybersecurity Investment

While a majority of companies acknowledge the need to bolster their cybersecurity posture, budgetary constraints remain a significant obstacle. The study reveals that a third of companies consider their cybersecurity budgets “limited,” while 27% express uncertainty regarding their budget allocation for cybersecurity initiatives. Only 34% of surveyed companies possess “appropriate” or “significant” budgets dedicated to enhancing cyber resilience.

This financial shortfall underscores the importance of strategic investment in cybersecurity. As Jan Wendenburg advises, “It is advisable for the other two thirds to clarify their IT security budget in the new year and to increase them quickly.”

Assessing Cyber Resilience: Measures and Misconceptions

The survey also explored the measures companies employ to assess their cyber resilience. Common practices include threat analyses (36%), penetration tests (23%), intrusion detection (22%), and vulnerability assessments (15%). Network segmentation, implemented by 19% of companies, aims to contain breaches within specific network segments, preventing widespread compromise.

However, the most prevalent approach to cybersecurity appears to be reliance on contractual agreements with IT service providers and suppliers, with 38% of companies placing their trust in “contractually guaranteed security.” This reliance on legal assurances may be misplaced, as numerous high-profile security incidents have involved suppliers with similar contractual guarantees, including major players like Cloudflare, CrowdStrike, and Cisco.

Incident Response and Preparedness: A Critical Gap

A mere 32% of companies have established procedures for learning from security incidents and implementing necessary improvements. This lack of preparedness is alarming, given the ever-present threat of cyber attacks. Predefined business processes for handling hacking attempts, both during and after an incident, should be an essential component of every company’s security framework.

While 34% of companies take steps to enhance security following a cyber attack, a similar proportion remain largely unprepared, lacking clear protocols for addressing vulnerabilities in networked devices, machines, and systems. A concerning 16% have not developed operational procedures for learning from cyber attacks and implementing necessary improvements.

Strengthening Cybersecurity: A National Imperative

The findings of the “OT+IoT Cybersecurity Report 2024” serve as a stark reminder of the cybersecurity challenges facing industry. As cyber threats continue to evolve, organizations must prioritize investment in robust security measures, incident response planning, and continuous enhancement. The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the importance of cybersecurity education and career development [[1]], and tracks and shares information about the latest cyber threats [[3]]. By taking proactive steps to strengthen their cyber resilience, companies can mitigate risks, protect critical infrastructure, and ensure the continued success of their operations.