Gartner® Report: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance

Risk-based vulnerability management: A top cybersecurity priority for 2021

Cyber-physical systems are forever reshaping the cybersecurity landscape. OT/IT convergence, Internet of Things (IoT), and Industrial IoT (IIoT) have resulted in a growing list of unique vulnerabilities.

According to Gartner, “Over the last 18 months, an increasing number of vulnerabilities impacting a wide range of cyber-physical systems have been disclosed, a trend likely to continue into 2022 and beyond.”

To manage the technology, information, and resilience risks related to cyber-physical systems, recommendations in this report include:

  • Focus on explaining the growing list of vulnerabilities that need to be managed, which ones are likely to be exploited, and why an updated security strategy is needed.
  • Broaden the approach to vulnerability management. It is critical to evaluate the risk of fixing a vulnerability against the risk and likelihood of attack.
  • Develop a contextual patch management policy. If patching is possible, test all patches and firmware before deploying.*

Did you know? In 2021, the risk-based vulnerability management security project placed among the top 10 for risk management and understanding process breakdowns for organizations. “Don’t try to patch everything; focus on vulnerabilities that are actually exploitable.”**

Key findings:
  • The number of vulnerabilities impacting cyber-physical systems (CPS) continues to increase dramatically.
  • While the volume of vulnerabilities is increasing, the quality of mitigation and remediation recommendations is uneven. Additional due diligence is needed to assess criticality, impacts, and remediation efforts.
  • Due to their design, criticality, complexity, and mix of legacy brownfield systems and new greenfield deployments, CPS present a unique set of challenges when it comes to vulnerability management, and therefore warrant a change to traditional IT governance.

Download your copy, courtesy of Skybox Security, for recommendations to update your approach to vulnerability management for this emerging technology area.

* Gartner: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance, Katell Thielmann, October 2021
** Gartner: Top 10 Security Projects for 2020-2021, Contributor: Kasey Panetta, February 22, 2021; URL:

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
