Industrial organizations say cybersecurity is a priority, even while most expect to become a target of a cybersecurity incident. But how big of a priority can it be if nearly half of the companies surveyed admitted in a recent survey to not having any measures in place to even detect or monitor if their industrial control networks suffered an attack?It seems everyone wants in on the Internet of Things (IoT) \u2014 and that desire for connectivity includes power plants, water treatment centers, and manufacturers \u2014 even though 65 percent of surveyed companies acknowledged that Industrial Control Systems (ICS) security risks are more likely with IoT.Nevertheless, organizations want to bump up the efficiency of their industrial processes with new IT. They are pouring money into security for IT networks, while also boosting automation efficiency by connecting their operational technology (OT) with external networks \u2014 this despite 77 percent believing their organization is likely to become a target of a cybersecurity incident involving their industrial control networks.Those are but a few insights into the concerns of 320 global professionals, across 23 countries, with decision-making power on OT-ICS cybersecurity. They were surveyed by Pierre Audoin Consultants (PAC) on behalf of Kaspersky Lab; the results can be seen in Kaspersky\u2019s State of Industrial Cybersecurity 2018 report (pdf).More than half of the industrial companies, 51 percent, claimed they did not suffer a breach or cybersecurity incident in the past 12 months. While that seems like good news, Kaspersky Lab wondered if the companies would even have known if they were attacked, as 48 percent of the organizations admitted to having no measures in place to detect or track attacks.It is worth noting that 8 percent answered that they honestly don\u2019t know how many cybersecurity incidents tied to OT\/ICS or control system networks occurred in the last year, while 10 percent can\u2019t be bothered to measure the number of incidents and breaches.Operational technology wide open to attackEven though a majority of the organizations are beefing up security on the IT side, they are leaving the doors to their OT \u201cwide open,\u201d which allows \u201cbasic threats such as ransomware and malware to step right in and catch them.\u201dIn fact, the survey revealed that organizations\u2019 perceived risks are not always the actual pain points.What do organizations that rely on ICS fear? Sixty-six percent of the surveyed companies fear targeted attacks and APTs, 65 percent are concerned about conventional malware, 64 percent are worried about ransomware attacks, and 59 percent are concerned about data leaks and spying.What really caused security incidents? Kaspersky noted that \u201calmost two-thirds (64 percent) of companies experienced at least one conventional malware or virus attack on their ICS in the last 12 months. Thirty percent of companies suffered a ransomware attack, and 27 percent had their ICS breached due to the errors and actions of employees. Targeted attacks affecting the sector accounted for just 16 percent in 2018 (down from 36 percent in 2017), suggesting that the concern and reality around the risks of targeted attacks is misplaced \u2014\u00a0and that companies relying on ICS are still falling victim to more conventional threats, including malware and ransomware, as well as targeted attacks.\u201dA few other tidbits that seem to jump off the page included 16 percent of the companies opted not to report any breaches or incidents that occurred in the last year, and only 23 percent are compliant with mandatory industry or governmental regulations or guidance.