A common best practice in any field is to benchmark performance or results against industry norms. In the case of industrial control systems (ICS), security breach bench-marking is a challenge.
There isn’t a lot of data available and the data sets that are available are not as extensive or as granular as one would like. Informal information sharing occurs through government bodies, consulting firms and security vendors as well as at conferences. Unfortunately, it’s not available to many people involved with designing and operating network infrastructure in the manufacturing and process control fields.
Having said that, there is some ICS security breach data available and it is worthwhile to obtain it, review it and reflect on it. This article provides a list of freely available information on the state of industrial security and provides some context for each source.