Gartner Report

Gartner® Report: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance

Risk-based vulnerability management: A top cybersecurity priority for 2021

Cyber-physical systems are forever reshaping the cybersecurity landscape. OT/IT convergence, Internet of Things (IoT), and Industrial IoT (IIoT) have resulted in a growing list of unique vulnerabilities.

According to Gartner, “Over the last 18 months, an increasing number of vulnerabilities impacting a wide range of cyber-physical systems have been disclosed, a trend likely to continue into 2022 and beyond.”

To manage the technology, information, and resilience risks related to cyber-physical systems, recommendations in this report include:

  • Focus on explaining the growing list of vulnerabilities that need to be managed, which ones are likely to be exploited, and why an updated security strategy is needed.
  • Broaden the approach to vulnerability management. It is critical to evaluate the risk of fixing a vulnerability against the risk and likelihood of attack.
  • Develop a contextual patch management policy. If patching is possible, test all patches and firmware before deploying.*

Did you know? In 2021, the risk-based vulnerability management security project placed among the top 10 for risk management and understanding process breakdowns for organizations. “Don’t try to patch everything; focus on vulnerabilities that are actually exploitable.”**

Key findings:

  • The number of vulnerabilities impacting cyber-physical systems (CPS) continues to increase dramatically.
  • While the volume of vulnerabilities is increasing, the quality of mitigation and remediation recommendations is uneven. Additional due diligence is needed to assess criticality, impacts, and remediation efforts.
  • Due to their design, criticality, complexity, and mix of legacy brownfield systems and new greenfield deployments, CPS present a unique set of challenges when it comes to vulnerability management, and therefore warrant a change to traditional IT governance.

Download your copy, courtesy of Skybox Security, for recommendations to update your approach to vulnerability management for this emerging technology area.

* Gartner: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance, Katell Thielmann, October 2021
** Gartner: Top 10 Security Projects for 2020-2021, Contributor: Kasey Panetta, February 22, 2021; URL:

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
