At the core of the NexDefense value proposition is a promise to maintain or improve production and safety, while securing mission critical networks. The math is fairly simple and straightforward for companies seeking financial justification:
1. According to Stephen Elliot and IDC (February 2015), the average cost of downtime for critical applications in operational networks is estimated to be $500K-$1M/hour and continues to rise.
2. Design issues, misconfigurations and other human related errors have a major impact on unplanned downtime. In fact, a 2016 GE study found that the average O&G company spends $38M annually on unplanned downtime, with the worst performers spending closer to $88M annually.
3. In operational networks, system failures are minimized, yet still occur. Whether down for minutes or hours, they have significant impact to the bottom line. The same GE cited previously noted that customers who have proactive versus reactive maintenance cycles enjoy 36% less unplanned downtime. Less frequent maintenance cycles, coupled with shorter durations help companies drive better financial results.
4. Security related incidents are on the rise, with a 110% increase within ICS environments, according to a December 2016 Security Intelligence report. There have already been 4 major security events impacting operational networks and hospitals through H1 2017. WannaCry alone has impacted at least 100K organizations across 150 countries, making it the largest and most disruptive ransomware attack ever launched. Analysts and researchers agree that the threat landscape will only continue to grow and expand.
5. Low visibility and awareness for operational networks exacerbates all of the above.
Bottom Line – Companies are spending vast sums of money due to unplanned downtime and product losses. Given the complexity of operational networks, these losses will continue if design issues, misconfigurations and other human errors are not curtailed. This is also the case due to security related incidents given the increasing threat landscape, and the hackers ability to impact the physical realm by cyber means.
Understanding that visibility and awareness is low, risks are increasing, and there is a 1+ million person global shortage of security talent, companies must invest in proactive systems to reduce risks, and minimize unplanned downtime and/or product losses. Integrity provides broad and deep visibility and intelligence about events that can impact and resiliency of industrial control systems. Integrity improves and heightens awareness, supports critical risk-based decisions, streamlines workflows and response & recovery plans necessary to protect systems throughout their lifecycle.