Summary: A significant majority of organizations are refraining from regular patching of operational technology (OT) systems due to concerns about potential equipment downtimes and operational disruptions. According to TXOne Networks’ 2024 Annual OT/ICS Cybersecurity Report, 85% of organizations do not patch regularly, exposing themselves to cybersecurity incidents that exploit software vulnerabilities. The report highlights the key challenges faced by organizations in maintaining effective patch management strategies.
Affected: Organizations with operational technology (OT) systems
Keypoints :
- 85% of organizations do not conduct regular patching of OT systems.
- The majority of organizations cite lack of personnel/expertise, operational disruptions, and vendor support as challenges to patching.
- TXOne recommends more flexible patch management strategies, automation tools, and virtual patching to improve patching processes.
- Nearly 60% apply patches during planned downtime to minimize disruption risks.
- 55% test patches in a controlled environment prior to deployment, while 46% utilize compensating controls to manage vulnerabilities.
Source: https://www.securityweek.com/organizations-still-not-patching-ot-due-to-disruption-concerns-survey/