Tripwire Survey: Increase in connected devices is raising the stakes for industrial security

95% of security professionals are concerned about risk associated with IoT and IIoT devices on their network

Posted on March 30, 2021 | Industrial Control Systems

PORTLAND, Ore. – March 30, 2021 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a new research report that assessed the security of connected devices across enterprise environments in 2021. Conducted for Tripwire by Dimensional Research this month, the survey evaluated the opinions of 312 security professionals that manage the security of internet of things (IoT) and industrial internet of things (IIoT) devices across their organization.

According to the survey, 99% of security professionals report challenges with the security of their IoT and IIoT devices, and 95% are concerned about risks associated with these connected devices.

More than three quarters of those surveyed said that connected devices do not easily fit into their existing security approach, and 88% required (or still require) additional resources to meet their IoT and IIoT security needs. This is of particular concern for those in the industrial space, as more than half (53%) said they are unable to fully monitor connected systems entering their controlled environment, and 61% have limited visibility into changes in security vendors within their supply chain.

“The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment,” said Tim Erlin, vice president of product management and strategy at Tripwire. “In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know.”

Additionally, the survey examined practices and ongoing concerns of security professionals responsible for maintaining a connected environment:

  • 88% follow some kind of security standard or framework, and most are audited against the framework
  • But even so, industrial professionals across manufacturing, energy, farm & agriculture, pharmaceutical, chemical, nuclear, waste & water and oil & gas industries believe they would benefit from expanded ICS security standards
  • 97% have concerns about supply chain security, and 87% agree that existing IoT and IIoT security guidelines put their supply chain security at risk

Erlin added, “It’s understandable that managing supply chain risk is top of mind for industrial security teams given the level of attack we have seen this year. Large-scale supply chain risk isn't new, so if anything, this should encourage companies to invest in resources that help maintain a more secure environment.”

The survey found that some organizations are already heading in the right direction. In light of recent events, 59% report that their budget for managing supply chain security increased in the past year. In addition, 99% report that their security teams are already in the habit of refusing employee requests to connect devices; 43% say they often do, which indicates work is already being done to maintain a smaller, connected footprint and manage inventory across the network.


Tripwire is the trusted leader for establishing a strong cybersecurity foundation. We protect the world’s leading organizations against the most damaging cyberattacks, keeping pace with rapidly changing tech complexities to defend against ever-evolving threats for more than 20 years. On-site and in the cloud, our diverse portfolio of solutions find, monitor and mitigate risks to organizations’ digital infrastructure—all without disrupting day-to-day operations or productivity. Think of us as the invisible line that keeps systems safe.

Recent News
August 15, 2022

95% request additional action to ensure the security of data and systems of non-governmental organizations

August 15, 2022

Tripwire ExpertOps Federal reduces both the workload and complexity of managing an agency’s critical security controls.

August 15, 2022

Organizations struggle to find skilled staff, leaving 82% of security teams understaffed

August 15, 2022

SC Lab testers give Tripwire IP360 top rating, highlighting sophisticated reporting and risk prioritization.