Security risks from IT/OT convergence threaten North Asia’s Industry 4.0 ambitions

2024 will see 50 per cent of Operational Technology (OT) systems connected to corporate IT systems in North Asia, up from 38 per cent in 2023. Only 13 per cent surveyed are at an advanced level of readiness to deal with IT/OT security, with 60 per cent at basic level. 73 per cent of organisations say they’re planning to fully or partially outsource IT/OT security to a third party.

HONG KONG, April 18, 2024 /PRNewswire/ — Telstra International, the global arm of leading telecommunications and technology company Telstra, has revealed that low levels of security maturity in operational technology (OT) and information technology (IT) across North Asia could put businesses who are rapidly adopting the fourth industrial revolution (4IR) technologies at major risk, according to Telstra’s “Securing Industry 4.0: The Challenges and Opportunities of IT/OT Convergence” study.

Telstra International commissioned technology research company Omdia to evaluate the state of OT and IT convergence in North Asia, assessing maturity, benefits and opportunities. The study of 250 business and technology leaders in the mainland China, Hong Kong, Japan, Korea and Taiwan region, found only 13 per cent of businesses are at an advanced level of readiness to deal with IT/OT security, with most businesses (60 per cent) only at basic level.

In the race to Industry 4.0*, digital and data-centric businesses are flocking to technologies like Internet of Things (IoT), AI, and big data to accelerate digital transformation. This is fuelling the integration of previously separate functions across OT and IT, to streamline and enable data flow for industrial operations in sectors like manufacturing, healthcare, retail/wholesale, transport, logistics and shipping.

With 85 percent of businesses expecting benefits from IT/OT convergence, the rush to integrate is accelerating. The coming year will see 50 per cent of OT systems to be connected to corporate IT systems. This is up from 38 per cent last year, while 76 per cent of North Asia businesses have already digitised some existing manual processes. 

“As businesses rush headlong into a digital-first era of new technologies, they face heightened cybersecurity risks arising from an accelerated convergence of IT and OT systems. The race to integrate previously unconnected systems is exposing significant operational siloes and significant gaps in the ability to mitigate the emerging cybersecurity risks. Companies pursuing IT/OT integration must find the people, partners, skills and technology to pave a secure path to success,” said Paul Abfalter, Head of North Asia, Telstra.

IT/OT security a different beast

While there are many benefits of IT and OT convergence, businesses are grappling with several major barriers to successful implementation. One glaring capabilities gap is the need for specialised skills that cover both IT and OT security as threats to IT systems are now directly impacting OT systems. The Telstra-Omdia study reveals that 88 per cent of organisations have had to manage a security incident that had a direct impact on OT production environments, while 74 per cent of attacks affecting critical infrastructure operations can be traced back to corporate IT systems.

Interestingly, only 26 per cent of today’s attacks tracked back to OT systems. Such systems have traditionally not been connected to the Internet and therefore potentially pose an event greater risk from a cybersecurity perspective. The emergence of this new risk vector is causing 73 per cent of organisations to say they plan to fully or partially outsource IT/OT security to a third party.

“Hackers are becoming more sophisticated in accessing unencrypted or unsecured IoT devices to exploit commercially sensitive data or traverse across devices into other systems. This can disrupt operations and cause significant financial damage to organisations,” said Adam Etherington, Senior Principal Analyst for Digital Enterprise Services at Omdia.

Etherington continued, “Today’s heightened cyber risks create reactive spending on cyber tools and services, but these can add even further complexity and risks. Addressing the IT/OT security challenge requires a single pane of glass to gain visibility across the new converged infrastructure of Industry 4.0 businesses, but gaining visibility is just the first step to identifying, responding and protecting against such threats. Holistic strategy, industry frameworks and expert partners will all be key to solving this critical challenge.”

North Asia maturity levels below par

Common IT/OT convergence activities include unifying production infrastructure, sensors, and physical systems within data centres, digital platforms, and networks. Many of these stem from IoT implementations, with mainland China and Korea the largest adopters of IoT today in Asia, according to IDC. While mainland China, Hong Kong and Singapore are also the three fastest growing markets.

Less than half (44 per cent) of North Asia businesses surveyed have reached “operational” or “advanced” maturity levels in securing OT. The study highlights that South Korea and Hong Kong are relatively more mature in IT/OT cybersecurity than the rest of North Asia – registering 52 per cent and 45 per cent of firms reaching “operational” or “advanced” maturity (see below figure).

But similarities between locations underscores an overall lack of preparedness that cybersecurity executives must address. From an industry perspective, manufacturing was found to be the least prepared of all sectors with only 38 per cent in the region saying they had reached “operational” or “advanced” maturity. This should not be a surprise with the historic heavy emphasis on manual processes and manual labour in many manufacturing operations leading to a lack of integration across operations and slow adoption of digital technologies compared to other industries. This past reluctance to adopt technology is now a major driver for the accelerated push for industry 4.0 adoption and sector-wise transformation.


For more details, please click on the link below to download the research report:
click here for full report

* Industry 4.0 encapsulates strategically leveraging advanced technologies, like cloud, AI, IoT and others, and new business models in harmony with legacy systems to optimise scale, resilience, and efficiency in critical infrastructure sectors at levels beyond historical precedents for commercial success.

About Telstra International

Telstra is a leading telecommunications and technology company with a proudly Australian heritage and a longstanding, growing international business. Today, Telstra International has over 3,200 employees based in more than 30 countries outside of Australia, providing services to thousands of business, government, carrier, and OTT customers. 

Over several decades we have established the largest wholly owned subsea cable network in the Asia-Pacific, with a unique and diverse set of infrastructure that offers access to the most intra-Asia lit capacity. 

We empower businesses with innovative technology solutions including data and IP networks, and network application services such as managed networks, security, unified communications, cloud, industry solutions, integrated software applications and services. These services are underpinned by our subsea cable network, with licences in Asia, Europe and the Americas and access to more than 2,000 Points of Presences (PoPs) in more than 200 countries and territories globally. 

In July 2022 Telstra completed the acquisition of Digicel Pacific, the largest mobile operator in the South Pacific region. 

For more information, please visit https://www.telstrainternational.com/en