Skip to content

NAM Leading Edge & PwC OT Benchmarking Survey 2023

At the request of NAM’s Manufacturing Cybersecurity Advisory Council (MCAC), a group of manufacturing CISOs, the NAM has partnered with PwC to conduct a survey to benchmarking survey. The goal of the survey is to quantify the current state of OT cybersecurity and provide benchmarks and goals for all manufacturers to reduce the cyber risks in the supply chain.
 
Please complete this survey or forward to the appropriate individual at your organization. Thank you in advance. All responses will be kept confidential and results shared in aggregate. 
1.Who is primarily responsible for OT security in your organization? Select one.
2.How large is the size of the team that is 100% dedicated to OT security in your organization?
3.How many individuals are allocated to support OT security as part of their overall role?
4.From which department (s) or divisions budget does the bulk of funding for OT security initiatives and/or ongoing costs (e.g., Tool licenses, maintenance, etc.) come from?
5.How integrated are the cyber functions between IT and OT?
6.Please choose which best represents the stage of OT/ICS security your organization is in currently?
7.Relative to the Capability Maturity Model Integration (CMMI) levels, how mature is your OT cybersecurity program today?
8.What are the top two reasons driving your organization to expand your OT security program (Choose Top 2)?
9.To what extent do the following executives have visibility into OT security risks at your organization?
None at all
Very limited visibility
Some visibility
Full visibility
CEO and Direct Reports
VP Level Only 
Engineering
Operations/Supply Chain Team​
Cybersecurity Team
Information Technology (IT) / Infrastructure Team​
We have opportunity to expand visibility of OT risks at the organization
10.Which of the following are communicated regarding OT cyber risk to executives and boards in your organization? Please check all that apply.
11.What initiatives are in-flight or planned for implementation in 2023 to address your key OT security risks? (Select All That Apply)​
12.Which of the following information security frameworks has your organization adopted for your OT security program? Check all that apply.
13.If you are an organization that manufactures a connected product or solution, are you considering submitting your product for certification with an industry standard?
14.What tools are you using for OT asset and/or monitoring? Please check all that apply.
15.What tools are you using for Privileged Access Management (PAM) in your OT environment? Please check all that apply. 
16.What is the composition of the resources performing OT security activities in your organization today? Please indicate the percentages; percentages must add up to 100%. (Example: for 20%, enter 20.)
17.Which best describes your plans for future OT security staffing?
18.To what extent are the following changes affecting your organization’s OT security strategy?
Not applicable
Not at all affecting our OT security strategy
Only somewhat affecting
Very significantly affecting
Decisions around OEMs
Diversification of strategies across regions​
Consolidating plants​
Building new plants​
Reconsidering supplier network to ensure components are cyber-secure
Looking deeper into security of connected products​
Other
19.If you are executing an OT IAM initiative, are you planning on using one AD domain/forest for OT or multiple AD domains in OT?
20.What is your company’s primary industrial classification?
21.What is your firm size (e.g., the parent company, not your establishment)?