Industrial companies are aware of cyber risks. Implementing actions to address them is a different challenge.
Industrial companies are allocating more resources to cybersecurity than ever, but security incidents are still increasing. There's clearly a problem.
When hackers managed to infiltrate the control systems of Norway's Lake Risevatnet Dam, they didn't take any data or ask for a ransom. Rather, they activated the water release valves. Over a period of four hours, the flow rate rose by almost 500 liters per second before the operators took back control. Although no injuries occurred, the incident revealed a critical vulnerability that improved monitoring alone cannot fix.
In the last five years, industrial organizations have invested heavily in operational technology (OT) security. Almost 9 out of 10 raised their OT security budgets by over 10% in the previous year, according toTXOne Networks' global Survey of industrial security executives. The ability to detect issues has certainly enhanced, with almost half of cases now being recognized within a day.
However, 60% of organizations still experienced a security breach in 2025, and the European Union Agency for Cybersecurity indicates that incidents related to operational technology now make up a significant portion of overall cyber activity.
Businesses are identifying risks more quickly, yet they are still being affected, indicating that the problem is no longer about visibility but about implementation.
From Visibility to Action
Although organizations are now capable of detecting vulnerabilities throughout their systems, taking action on them continues to be challenging. Numerous entities still use IT-focused risk assessment models that have minimal connection to real-world conditions. These approaches highlight hundreds of problems as urgent without differentiating between a low-impact desktop and a controller linked to a safety system, resulting in confusion instead of clear insights.
Even if priorities are well-defined, industrial settings pose challenges for straightforward changes because shutting down a production line to install a software update typically leads to reduced output, financial pressure, or heightened safety hazards.
This uncertainty leads to an increasing accumulation of identified weaknesses. Although 90% of companies claim to perform regular updates, only a small portion manage extensive patch implementation across their systems.
When the solution arrives too late
The expense of addressing these problems might seem excessive, but the results of doing nothing are significantly more severe. In 2025, hackers took advantage of persistent weaknesses in systems that support Singapore's essential infrastructure. Controlling the damage demanded a unified national effort with more than 100 security professionals from various agencies working together for almost a year.
At the same time, the majority of attacks come from outside the industrial setting and then move into it. Ransomware groups like Qilin and Akira keep taking advantage of the connections between corporate IT systems and operational technology, using weaknesses that security teams are aware of but haven't made a priority to address.
Who owns OT security?
Ambiguous ownership adds to these technical difficulties. OT security often exists in a gray zone between IT departments, which are familiar with cyber threats but not industrial procedures, and engineering teams, which have knowledge of operations but lack expertise in cybersecurity. Consequently, responsibility becomes dispersed.
Even when specialized OT security positions are present, staff members are frequently overburdened. A single person might handle dozens or even hundreds of systems, each with unique demands and limitations. The issue is as much about organization as it is about technology.
How certain businesses are gaining an advantage
Certain organizations are starting to bridge the divide, and their strategy typically falls into three categories.
Initially, they focus on operational impact instead of technical severity. The key question is straightforward: which systems, if compromised, would halt production or pose a safety risk? Over half of security leaders now approach their priorities in this manner. It helps eliminate distractions and directs resources to areas where disruption would truly cause harm.
Second, they acknowledge that not all systems can be updated. In older or continuously running environments, the emphasis shifts to minimizing risk. Network segmentation is among the most powerful measures in this regard, preventing a corporate network breach from immediately turning into a production issue.
In conclusion, they are establishing specialized OT security capabilities. The quantity of companies having substantial OT security teams has risen considerably, indicating a heightened awareness that industrial cybersecurity should not be managed as an ancillary task by the IT department.
What comes next
The sector has achieved significant advancements in identifying dangers, yet recognizing these threats is just the initial phase. Businesses now need to concentrate on implementation by focusing on operational risks and protecting systems without disrupting production. In the end, the entities that thrive will be those capable of moving beyond merely observing threats and taking action against them.
This narrative was created byTXOne Networksand evaluated and disseminated by.
No comments:
Post a Comment