SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

CPS security risks rise amid global instability & supply chain shifts

Thu, 18th Sep 2025

Research from Claroty indicates nearly half of global CPS security professionals report increased cyber risk to physical systems due to economic and geopolitical instability.

The study, titled "The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape," surveyed 1,100 information security, operations technology engineering, clinical and biomedical engineering, and facilities management professionals worldwide.

Supply chain pressures

The report finds that 49% of respondents have seen increased cyber risk to cyber-physical systems (CPS) assets and processes, a trend attributed to changing supply chains amid shifting global economic policies and geopolitical tensions. Australian infrastructure operates within a broader context of global challenges. Factors including tariffs, trade conflicts, geopolitical instability and inflation are driving both operational and financial pressures for companies handling CPS across sectors such as automotive manufacturing, pharmaceuticals, transportation, and energy services.

Companies are responding to these pressures in a variety of ways. According to the survey, 67% of organisations are reconsidering the geography of their supply chain to help manage risk attributed to global economic and geopolitical uncertainties. This includes reviewing sourcing strategies and geographic diversification.

Alongside supply chain shifts, 45% of respondents are concerned about their ability to reduce risk to key CPS assets, and their fundamental understanding of the risk posture within their organisations. These concerns are compounded by third-party vulnerabilities and increased exposure stemming from external providers and partners.

Third-party risk concerns

Incidents originating from third parties continue to be a concern, with 46% of organisations reporting a security breach within the past 12 months attributable to third-party access. Post-incident reviews reveal that 54% of these breaches uncovered security gaps or deficiencies in vendor contracts, prompting 73% of companies to re-evaluate their third-party remote access arrangements.

This scrutiny extends to company policies and approval processes for third-party access, as organisations seek to uncover vulnerabilities and enhance detection and mitigation efforts. Regular security audits (49%) and improvements in change management processes (45%) were identified as top risk mitigation strategies. These actions aim to improve compliance and identify potential blind spots, especially among vendors and external partners.

Regulatory challenges

Participants also highlighted regulatory change as a significant factor influencing their security posture. Depending on the jurisdiction, organisations face either swift de-regulation or growing moves toward increased regulation. For Australia, tightening SOCI laws are representative of an evolving compliance landscape impacting cybersecurity strategies.

The survey found that although nearly 70% say their current CPS security programmes adhere to recognised frameworks such as the NIST Cybersecurity Framework and ENISA guidelines, 76% of respondents indicated that new or emerging regulations - be they government-led, international, or industry-specific - could require an overhaul of existing security strategies.

This regulatory uncertainty introduces the possibility of significant disruption to operational efficiency, as organisations balance compliance needs with maintaining reliable service and business continuity.

Expert perspective

"Attackers often see times of instability as opportunities to strike. Distracted defenders are ineffective defenders. This combined with the impact of critical infrastructure on economic stability, national security, and public safety makes it a particularly attractive target. The survey results show that economic uncertainty and geopolitical tensions are making it harder for security teams to protect critical systems, compounded by third-party vulnerabilities that are further driving up risk. While the challenge is great, the opportunity for organisations to fundamentally shift how they approach their CPS security is greater," said Sean Tufts, Field Chief Technology Officer at Claroty.

Strategies for risk mitigation

Claroty's findings indicate that organisations are prioritising risk reduction strategies that concentrate on regulatory outcomes and exposure management. The emphasis on regular security audits and upgrades to approval processes is intended to bolster compliance efforts and establish greater visibility across both internal and external vectors.

Respondents said the evolving economic and regulatory environment necessitates enhanced vigilance and adaptive security planning, particularly as organisations look to protect mission-critical infrastructure amidst ongoing uncertainty.
