New report: cyber-resilient infrastructure starts with early, strategy-driven design

‘Secure by design’ in industrial projects: a market-informed guide to building cybersecurity into new construction of critical infrastructure reveals a persistent gap in execution: while organisations recognise the value of early cybersecurity, 72% of respondents say cybersecurity enters industrial capital projects late or not at all. The report shares insights from more than 450 owners, critical infrastructure operators, engineering leaders, and engineering, procurement and construction (EPC) stakeholders worldwide.

“Cybersecurity cannot be an afterthought; it must be embedded early into capital requirements and procurement decisions,” said Charlie Sanchez, President of Infrastructure Advisory for Black & Veatch. “If it isn’t defined in the project scope, it won’t be delivered. Cybersecurity is a critical factor affecting public safety, economic stability and national resilience.”

'Secure by design’ emphasises that the most consequential cybersecurity decisions are made at the beginning of a project, when OT systems and industrial control system architecture, network connectivity and accountability are defined. Once detailed design and construction are underway, opportunities to meaningfully influence security narrow significantly, often forcing organisations into costly and disruptive retrofits after commissioning.

“Security must be validated at every phase, from early OT system and industrial control design through acceptance testing and handover. As regulations evolve, compliance alone is no longer enough,” said Ian Bramson, Vice President of Global Industrial Cybersecurity at Black & Veatch. “It establishes a baseline, but it does not ensure defensibility when design decisions are scrutinised after an incident. Leaders must move beyond minimum standards and design for durable, long-term resilience.”

Additional key insights from the report include:

• Respondents agree early cybersecurity reduces risk: 78% link early cybersecurity adoption to reduced downtime and operational disruption across connected OT systems and networks.
• 43% of respondents cite lack of expertise as a barrier and 77% shared moderate to significant external support would help them start earlier, indicating the importance of having the right people involved throughout the process.
• Cybersecurity plans are needed, but often missing — only 24% of respondents report that cybersecurity is always or often included early in industrial projects.
• Three-quarters of respondents identify a demonstrated business case as the strongest incentive for adoption.

To access ‘Secure by design’ in industrial projects: A market-informed guide to building cybersecurity into new construction of critical infrastructure, visit bv.com/resources/cybersecurity-report.

Read the article online at: https://www.tanksterminals.com/terminals/17042026/new-report-cyber-resilient-infrastructure-starts-with-early-strategy-driven-design/