OT Disruptions Could Cost $330B Globally

A Dragos report finds that cyber incidents disrupting operational technology (OT) could have a global financial impact of approximately $330 billion. According to the report, the cost of business interruptions alone would surpass $172 billion. However, indirect expenses are often unaccounted for when organizations consider the costs.
For context, the average yearly global risk (business interruption claims included) is $12.7 billion. Furthermore, average global aggregated risk over the next year amounts to $31 billion.
Security Leaders Weigh In
James Maude, Field CTO at BeyondTrust:
Securing remote access remains one of the top priorities for many organizations, especially in high-risk, OT and ICS environments which need to be kept well away from the public internet. Organizations need to think about how to securely manage privileged access into their critical environments, ensuring that employees, vendors, and third parties have just the access and permissions needed to do their job without additional risk exposure. This can be combined with real-time monitoring and controls to audit and terminate access in the event of identity compromise. Relying on VPNs or Remote Desktop alone is not enough and risks introducing additional attack vectors.
Beyond remote access, an important defense is to reduce standing privileges in the environment so that in the event an identity is compromised the ‘blast radius’ is limited. This is especially important in the age of identity attacks and hybrid environments where one compromised identity can open up paths to privileged access on dozens of systems on-prem and in the cloud that organizations weren’t aware of.
The C-Suite, CISOs, and CSOs need to look beyond siloed views of obviously privileged identities in individual systems and take a holistic view of the combinations of privileges, entitlements, and roles that could be exploited by an attacker to elevate privilege, move laterally, and inflict damage. The identity security debt accumulated by many organizations represents a far greater risk than any other area as it only takes the attacker to log in using the right identity and all is lost because of the paths to privilege that flourish in their environment.
Understanding and reducing your identity attack surface should be at the forefront of every organization's thinking when it comes to cyber defense moving forward.
Thomas Wilcox, Vice President, Security Strategy at Pax8:
SOCs need to assume that a compromise will eventually occur and meet that challenge. This means streamlining identification, alert and response processes. It should not be a surprise that adversaries are leveraging AI to increase the speed of compromise. The industry needs to meet the adversarial AI use with AI-powered toolsets that recognize, alert and can begin responding. It will not be acceptable to move at the speed of traditional incident response processes when our adversary moves at the pace of AI.
New SIEM and SOAR technologies are rapidly incorporating AI threat analysis and active response capabilities. While SIEM and SOAR have been buzzwords for years now, the technology is finally showing real value with the emergent threats associated with large-scale OT compromise and patterns of compromise that humans likely would miss. AI is showing it has a valued place in providing rapid visibility and response. When these technologies get paired with capable endpoint threat detection, organizations gain actionable views into the point of most compromises, the human endpoint. Finally, we see increased capabilities emerging to find indications of compromise on the Internet or Dark Web. Again, these leverage AI to actively search for signs that a company may have been breached, as a last line to minimize the impact.
The reality is that the industry is generally lagging behind the capabilities of APTs and AI in terms of attack capabilities. We need to move more quickly to leverage AI and meet the challenge.
Chad Cragle, Chief Information Security Officer at Deepwatch:
The Dragos findings highlight a staggering cost of OT cyber risks: $330B in potential yearly losses. If your SOC manages IT/OT data, that number should send chills down your spine, and if you’re a CISO responsible for that data, you’re probably only getting 2.5 hours of sleep each night. The foundation starts with visibility into OT assets, anomaly detection tailored for industrial protocols, and incident playbooks designed for both operational and safety impacts. These aren’t just “extras” — they are critical.
The fastest way for many organizations to achieve this is by partnering with a Managed Detection and Response (MDR) provider. MDR expands your SOC with 24/7 monitoring, proactive threat hunting, and quick containment, all vital in OT, where every minute of downtime costs money and can threaten lives. Combined with OT-specific tools, MDR offers the speed, expertise, and scale needed to reduce detection times, coordinate responses, and keep operations running smoothly under pressure. Ultimately, an OT breach has real-world consequences. The financial damage is serious, but the harm to reputation and the risk to critical infrastructure can be even more severe.
Richard Springer, Senior Director, OT Solutions at Fortinet:
We have seen an elevation of OT cybersecurity and production risk due to recent global events. Additionally, companies’ risk awareness processes are raising the prioritization of OT security to a corporate level. We are seeing these efforts led by the CISO and/or CIO, which often includes additional funding and resources to more adequately address their OT security posture.
Challenges in converging OT and IT come in a wide spectrum of complexity and maturity for OT organizations. At the most basic, organizations are connecting their OT networks for the first time, eliminating the so-called air-gap from the internet. On the other side of the spectrum, there are OT organizations that are building out an OT security operations center (SOC) or they’ve progressed to a joint IT/OT SOC.
Moving forward, and with the increased adoption of GenAI, the limited OT security resources will have tools to more easily detect and respond to cyber threats in OT networks and devices. Automation will follow, but in OT, there is always a need for special considerations and guardrails to ensure production and critical infrastructure reliability.
Mr. Agnidipta Sarkar, Chief Evangelist at ColorTokens:
Attack sophistication is on the rise and OT/ICS organizations come to a halt when faced with a cyberattack. Unfortunately, cyber OT leadership are focusing on stopping attacks rather than stopping the explosion of attacks. We now know that it is not if, but when, the cyberattacks should happen. It’s time to invest in foundational cyber defense capabilities to dynamically change attack paths to limit the impact of any attack.
Zero trust authentication in OT to manage both human and machine identities, combined with zero trust approaches, are great strides to address breaches. Breach response should not lead to a full shutdown, but operate a minimum viable digital business.







