How our brokerage work helped uncover security vulnerabilities at a leading global automation technology provider

About 80 percent of OT managers' companies have experienced a breach in infrastructure at some point during the past two years. Furthermore, a global study from IBM shows that, on average, associated data leaks account for about GBP 2.85 million in losses. Just 10 percent of firms surveyed report that they have never experienced such a breach, and this group largely consisted of organizations whose systems underwent regular audits and penetration tests.


At a worldwide provider of automation technology, whose systems had never undergone an external audit or test, it was important to carry out penetration tests on a regular basis and to manage vulnerabilities. The aim of these measures was to create more transparency over potential security gaps.

The company’s heterogeneous system landscape, consisting of IT, OT, and IoT, required suitable and flexible service providers. We started by taking stock of the systems to be checked, as well as clarifying the test scope. We then established criteria for vendor selection. Among other things, we took into account the experience of the respective provider, the certifications of the penetration tester, value for money, and customer references for previous projects. After completing an anonymous call for tenders from potentially suitable service providers, we organized the presentation of four offers, and we supported the client in the selection process.


Black-box and grey-box penetration tests identified some operations-critical security gaps. The company saved on costs, as we made an offer that provided superior value for money versus the customer’s own tender.

Are you considering cybersecurity measures? CyberCompare has proven providers in its selection and, as an independent market participant, can provide no-cost, non-binding offers for comparison. Talk to us by sending an e-mail or measure your cyber posture with our diagnostic.

Note: This article reflects our current state of information, but we are learning, too. Are there any key aspects missing, or do you have a different perspective on the subject? We are happy to discuss recent developments in greater depth with you and other experts within your company, and we look forward to hearing requests and feedback.

Lastly: The mention (or lack of any mention) of a specific provider does not represent endorsement or lack of endorsement from CyberCompare. Recommendations are always made independently of individual customer situations.