At the request of NAM’s Manufacturing Cybersecurity Advisory Council (MCAC), a group of manufacturing CISOs, the NAM has partnered with PwC to conduct a survey to benchmarking survey. The goal of the survey is to quantify the current state of OT cybersecurity and provide benchmarks and goals for all manufacturers to reduce the cyber risks in the supply chain.
 
Please complete this survey or forward to the appropriate individual at your organization. Thank you in advance. All responses will be kept confidential and results shared in aggregate. 

Question Title

* 1. Who is primarily responsible for OT security in your organization? Select one.

Question Title

* 2. How large is the size of the team that is 100% dedicated to OT security in your organization?

Question Title

* 3. How many individuals are allocated to support OT security as part of their overall role?

Question Title

* 4. From which department (s) or divisions budget does the bulk of funding for OT security initiatives and/or ongoing costs (e.g., Tool licenses, maintenance, etc.) come from?

Question Title

* 5. How integrated are the cyber functions between IT and OT?

Question Title

* 6. Please choose which best represents the stage of OT/ICS security your organization is in currently?

Question Title

* 7. Relative to the Capability Maturity Model Integration (CMMI) levels, how mature is your OT cybersecurity program today?

Question Title

* 8. What are the top two reasons driving your organization to expand your OT security program (Choose Top 2)?

Question Title

* 9. To what extent do the following executives have visibility into OT security risks at your organization?

  None at all Very limited visibility Some visibility Full visibility
CEO and Direct Reports
VP Level Only 
Engineering
Operations/Supply Chain Team​
Cybersecurity Team
Information Technology (IT) / Infrastructure Team​
We have opportunity to expand visibility of OT risks at the organization

Question Title

* 10. Which of the following are communicated regarding OT cyber risk to executives and boards in your organization? Please check all that apply.

Question Title

* 11. What initiatives are in-flight or planned for implementation in 2023 to address your key OT security risks? (Select All That Apply)​

Question Title

* 12. Which of the following information security frameworks has your organization adopted for your OT security program? Check all that apply.

Question Title

* 13. If you are an organization that manufactures a connected product or solution, are you considering submitting your product for certification with an industry standard?

Question Title

* 14. What tools are you using for OT asset and/or monitoring? Please check all that apply.

Question Title

* 15. What tools are you using for Privileged Access Management (PAM) in your OT environment? Please check all that apply. 

Question Title

* 16. What is the composition of the resources performing OT security activities in your organization today? Please indicate the percentages; percentages must add up to 100%. (Example: for 20%, enter 20.)

Question Title

* 17. Which best describes your plans for future OT security staffing?

Question Title

* 18. To what extent are the following changes affecting your organization’s OT security strategy?

  Not applicable Not at all affecting our OT security strategy Only somewhat affecting Very significantly affecting
Decisions around OEMs
Diversification of strategies across regions​
Consolidating plants​
Building new plants​
Reconsidering supplier network to ensure components are cyber-secure
Looking deeper into security of connected products​
Other

Question Title

* 19. If you are executing an OT IAM initiative, are you planning on using one AD domain/forest for OT or multiple AD domains in OT?

Question Title

* 20. What is your company’s primary industrial classification?

Question Title

* 21. What is your firm size (e.g., the parent company, not your establishment)?

T