Operational technology (OT) security is growing into a board-level priority as industrial organizations increasingly rely on unified IT and OT environments to sustain production. The connectivity bolsters efficiency and resilience, however, it also expands the attack surface. 

The 2026 Fortinet State of Operational Technology and Cybersecurity Report reveals organizations are more alert about risks from ransomware groups, nation-state actors and other cybercriminals. Furthermore, they are realistic about OT cybersecurity maturity and are increasingly diligent about impending regulatory requirements. 

While visibility is also improving, gaps persist. The report found 23% of respondents have visibility into only half of their OT environment. Therefore, many security teams are defending these environments with inadequate information. 

Below, security leaders discuss concerns, trends and strategies for securing OT environments.  

Security Leaders Weigh In

Louis Eichenbaum, Federal CTO at ColorTokens:

Operational Technology (OT) environments rely heavily on Human Machine Interfaces (HMIs) and monitoring systems to give operators accurate situational awareness. If an adversary can compromise those systems and present false data, operators can be tricked into making dangerous decisions based on inaccurate information. In many OT environments such as water treatment facilities, pipelines, manufacturing plants, or energy infrastructure, false telemetry could have even more severe consequences ranging from environmental damage to safety incidents and operational outages.

The larger issue is that many of these OT systems were never designed with cybersecurity in mind. They were built for reliability and availability, not to withstand modern nation-state cyber threats. Unfortunately, many remain internet-facing, poorly segmented, and inadequately monitored. This is exactly why the cybersecurity conversation must move beyond prevention alone. We are never going to patch fast enough or prevent every intrusion. The focus now must be on resilience, assuming an adversary may gain access and ensuring they cannot move laterally or manipulate critical operations at scale.

Granular microsegmentation and zero trust principles are essential in OT environments because they help contain breaches, restrict unauthorized communications, and reduce the blast radius when a compromise occurs. The goal is not simply to stop every attack, but to ensure that a localized intrusion does not become a catastrophic operational event.

John Gallagher, Vice President at Viakoo:

Cybersecurity threats are always evolving, as are the skills needed to combat them. Clearly the shift by malicious hackers to target Operational Technology (OT) devices has brought new requirements to the lines of business, such as manufacturing, healthcare, physical security, facilities, etc. that are responsible for managing and securing such devices. Compared to traditional manufacturing or physical security workers, employers will pay a premium in these departments in their race to secure their non-IT devices. As threats become more cyber-physical in their impact, faster incident response and forensics will drive employers to recruit security professionals who can operate outside of the traditional IT space.  

I’d also like to touch upon the recent hype cycle around Mythos, which has been impressive, especially regarding its autonomous hacking capabilities. However, when we look past the theoretical zero-days in clean, standardized IT environments, the reality of securing OT and the Internet of Things (IoT) is the real cause for concern and urgent action because of Mythos. OT/IoT represents a larger attack surface than IT systems, and Mythos renders it into the most easily hacked part of infrastructure because it can overcome issues like non-standard operating systems and differences in network topology.  This directly accelerates existing trends like the shift of ransomware from data to OT systems, and the use of OT/IoT devices for initial infection and lateral movement. 

In the OT/IoT world, we are still managing device passwords on spreadsheets and manually rolling trucks to patch 10,000 cameras. If AI can discover and exploit a vulnerability in hours, yet it takes an organization six months of manual labor to patch their physical security systems, the math heavily favors the attacker. 

Nathaniel Jones, Vice President, Security & AI Strategy and Field CISO at Darktrace:

As Operational Technology (OT) becomes more integrated with IT systems, it presents more opportunities for attackers. OT security is strongest when supported by robust IT security, requiring coordination between IT and OT teams to defend the entire network. By adopting good cyber hygiene, proactively securing your digital estate, and addressing any vulnerabilities before they can be exploited, organizations will be much better equipped to defend their networks against increasingly resourceful threat actors.

Vincenzo Iozzo, CEO and Co-founder at SlashID:

Unfortunately, most Operational Technology (OT) systems were designed without security in mind. This includes the inability to patch them promptly or monitor them. Large Language Models (LLMs) are likely going to make attacks against OT systems more frequent as they further reduce the skill level required to launch these attacks. In the short term, the most effective approach we have to secure them is appropriate segmentation. Long term, these OT systems are some of the best candidates for architectural changes driven by LLMs. 

Vikesh Khanna, CTO & Co-Founder at Ambient.ai:

Legacy issues, such as air-gapped systems being compromised, weak authentication, and unpatched vulnerabilities persist, however, we’re seeing shifts toward more resilient architectures that incorporate physical security layers. For instance, unauthorized physical access to ICS assets — such as control panels or field devices — remains a major vector for breaches. With AI integration for real-time monitoring, anomaly detection, and proactive physical threat prevention, combined with stricter regulations, I expect meaningful improvements.

Recent trends include AI-driven anomaly detection, micro-segmentation, and zero-trust architectures, however a key innovation is agentic physical security for proactive threat prevention. Adaptive protections using ML for real-time encryption and threat response are game-changers, especially when layered with physical barriers and AI-verified access. 

Global, geopolitical conflicts are fueling a surge in Operational Technology (OT) attacks often exploiting physical vulnerabilities such as unsecured facilities or insider access. State-sponsored actors and hacktivists target critical infrastructure for disruption, as seen in DDoS campaigns, ransomware, and even physical sabotage attempts. This convergence of cyber warfare and geopolitics heightens risks, making robust agentic physical security essential to complement digital defenses and mitigate hybrid threats.