The survey found that most respondents were from the energy/utilities sector. It showed that overall security staffing levels had increased slightly while CIP staffing had increased sharply, indicating organizations were reallocating existing staff rather than hiring new ones. Security spending remained low as a percentage of IT spending, with most funds going towards product purchases. CIP spending averaged around 25% and focused on staffing, products, and services. The survey also revealed that while most organizations required two-factor authentication for remote access, up to 20% may not adequately authenticate access to operational control networks.