New Report Finds 49% of Security Professionals Say Global Economic Policies and Geopolitical Tensions Increase Risk To Cyber-Physical Environments

Global Survey by Claroty Uncovers How Organizations Are Navigating an Uncertain Economic Landscape to Secure Mission-Critical Infrastructure

Claroty, the cyber-physical systems (CPS) protection company, announced the results of new research on the impacts of economic uncertainty and its drivers on organizations’ ability to protect their CPS environments. The report, “The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape,” is based on a global independent survey of 1,100 infosecurity, OT engineering, clinical & biomedical engineering, and facilities management & plant operations professionals.

The findings revealed that nearly half (49%) of respondents report that supply chain changes caused by shifting global economic policies and geopolitical tensions around the world are creating increased cyber risk to CPS assets and processes. Forty-five percent are also concerned about their ability to reduce risk to key CPS assets, and in their overall understanding of their risk posture. Additionally, 67% said that they are reconsidering the geography of their supply chain to mitigate risks to CPS posed by economic and geopolitical uncertainties.

A ripple effect of shifting supply chains is the escalation of risks associated with third-party remote access, as organizations re-evaluate their vendors and introduce new remote access tools into already complex and exposed CPS environments. Forty-six percent of respondents said they’ve been breached in the last 12 months because of third-party access and 54% report they’ve discovered security gaps or weaknesses in vendor contracts post-incident. As a result, 73% of respondents said they are re-evaluating third-party remote access to CPS operations.

Also Read: CIO Influence Interview with Dilip Bachwani, Chief Technology Officer, Qualys

Respondents also highlighted regulatory changes as a source of uncertainty. Depending on the regions in which they operate, organizations may be grappling with swift de-regulation or growing momentum for more regulation. The research showed that despite successful efforts to follow established frameworks such as the NIST Cybersecurity Framework and ENISA in Europe, there are concerns over what’s to come from the regulatory environment. Although nearly 70% of respondents said their current CPS security programs adhere to cybersecurity standards, 76% said that emerging regulations—be it government, international or industry-specific—may require their organizations to overhaul their strategies, which could cause massive disruptions to operational efficiency.

“Attackers often see times of instability as opportunities to strike. Distracted defenders are ineffective defenders. This combined with the impact of critical infrastructure on economic stability, national security, and public safety makes it a particularly attractive target.” said Sean Tufts, Field Chief Technology Officer at Claroty. “The survey results show that economic uncertainty and geopolitical tensions are making it harder for security teams to protect critical systems, compounded by third-party vulnerabilities that are further driving up risk. While the challenge is great, the opportunity for organizations to fundamentally shift how they approach their CPS security is greater.”

These findings highlight the importance of taking an impact-centric approach to risk reduction that focuses on regulatory outcomes and exposure management, with the top risk mitigation strategies being regular security audits (49%) and process improvements for providing change approvals (45%). This will enhance compliance efforts and uncover vulnerabilities particularly where there may be blind spots among third-party vendors.