Specialist approach to OT cyber security needed

The findings show that 32% of surveyed IT Decision Makers admit they are currently relying on detection platforms originally built for IT and "adapted" for OT. This puts organisations at risk, as many are still trying to secure industrial environments with tools that were not designed to understand them.

This is concerning given that 63% of IT decision makers also cited that cyber incidents in the past 12 months resulted in direct operational downtime or impacted critical OT/ICS systems.

The research points to structural weaknesses in how incidents are managed across converged environments, as 28% of surveyed respondents still rely on manual or ad hoc coordination between their IT and OT security teams, while 37% of organisations have a shared platform for both IT and OT environments, but full technical integration needs to become a priority.

Richard Groome, OT cybersecurity specialist at e2e-assure, commented: "Most adapted IT platforms struggle in OT because they’re still thinking like IT tools. They can identify anomalies, but they often have no understanding of the business impact they have. OT downtime isn’t just a network problem; it’s a process problem, and if you can’t interpret what an alert means for a running plant or production line, you’re not preventing downtime, you’re just creating noise."

While extending IT platforms into OT is an obvious route to take, it creates a critical preparedness gap where organisations may have large volumes of data but lack the visibility needed to understand what it means in an operational context.

Without clear insight, teams are unable to interpret alerts or assess their impact on live environments, limiting their ability to act decisively. This is compounded by the fact that only 15% have deployed passive visibility tools specifically designed for industrial control systems, leaving many organisations without the real-time visibility required to translate data into actionable intelligence and reduce operational risk.

The challenge is becoming more acute as connectivity expands, as 70% of organisations have now fully or largely integrated cloud-connected environments into their IT/OT security strategies. However, without improvements in visibility and coordinated response, increased connectivity risks widen the gap between exposure and resilience.

At the same time, many organisations are unable to measure the effectiveness of their risk reduction measures, as 28% of businesses still rely on manual or ad hoc coordination between IT and OT teams, and only 37% operate a shared platform to deliver alignment and visibility across teams.

"The volume of data being ingested is often not understood or actionable, meaning incidents may still be missed. More connected does not automatically mean more secure, particularly where exposure increases faster than coordinated response capability," added Groome.

Encouragingly, organisations are beginning to recognise that the challenge is not simply a lack of technology, but how effectively it is used. Sixty-three per cent of leaders are increasing budgets for workforce training and role clarity, the highest prioritised budget area.

The research also highlights shifting priorities across OT security programmes, with supply chain risk emerging as a key area of investment following recent breaches. Investment now is critical, given that previously shared findings found the financial consequences of these preparedness gaps are rising, with almost a quarter (23%) of the most severe OT downtime incidents costing over £1 million, and 6% of incidents exceeding the £5 million mark.

Without purpose-built visibility and a distinctive IT and OT security strategy, organisations will continue to struggle to translate data into action, leaving the preparedness gap that threatens operational disruption. 

e2e-assure.com