Process industries handle significant volumes of hazardous, explosive, and flammable materials with specialized protocols. With increasing trends of automation, digitization, and network incorporation, the process industries have become more vulnerable to cyber attacks. The Security Vulnerability Assessment (SVA) methodologies were developed two decades ago to fortify preparedness against security threats for process industries, but the rise of cyber technologies encourages a more structured methodology aimed at risk evaluation and cybersecurity in the process industry. Thus, to develop effective cybersecurity countermeasures, it becomes imperative to lay the contextual framework of previous cyber attacks, hacking techniques used by the attackers, and vulnerabilities in the process industry. A review of 82 cybersecurity-related incidents distills cybercrime in the process industry to a database. An analysis of the database demonstrates that among facilities vulnerable to threat, including “nuclear power stations, water and food plants, chemical factories and oil refineries,” 31% of facilities experienced a cyber attack on the Operational Technology (OT) system. In addition, Insider threats play a significant role in cybersecurity incidents. The database and its findings can be used to enhance SVA methodologies and help identify patterns of cyber attacks.
