Experts are warning that industrial automation is facing a growing cyber security challenge, as Operational Technology (OT) environments struggle to keep pace with increasingly sophisticated threats.
Rob Demain, CEO of e2e-assure, says the risk is accelerating faster than OT systems can adapt. “OT systems were built for safety and reliability in isolated environments, not for security in connected ones,” he says. “Many still run on decades-old code that cannot be patched without halting production, while connectivity to IT networks, cloud-based SCADA platforms, and IoT sensors continues to expand. Each new connection is an attack path.”
His warning is backed by e2e-assure’s latest survey, published last week, which found that 51% of UK organisations believe their OT environments are now more likely to be targeted by cyber attacks than other parts of their operations.
The research was based on responses from 250 cybersecurity decision makers working in UK-based organisations with between 250 and 10,000 employees, across sectors including manufacturing, Critical National Infrastructure, energy, transport, government, and life sciences.
Demain points to a rapidly changing threat landscape as a key driver. Recent research has shown that AI can now be used to develop sophisticated zero-day exploits for around £50 in compute costs, representing a 99% reduction compared with traditional approaches.
“What was once nation-state capability is now accessible to almost any threat actor,” he says. “With access to firmware, OT and IoT devices become easy targets for reverse engineering, allowing attackers to uncover vulnerabilities defenders do not even know exist.”
The consequences for automation-heavy environments can be severe. Unlike IT breaches, which often centre on data loss, OT attacks directly affect availability.
“In OT, it is about production lines stopping or power generation failing,” Demain says. “Even attacks that begin in IT can have knock-on effects in OT, because production depends on order systems, inventory management, and scheduling platforms that sit in IT.”
Recent incidents highlight the scale of the risk. The Jaguar Land Rover cyber attack resulted in a five-week production shutdown, £485m in direct losses, and disruption across more than 5,000 organisations in the supply chain, with the total UK economic impact estimated at £1.9 billion. “You cannot simply shut down a refinery or factory to apply patches in the same way you would take an IT system offline,” Demain adds.
Concern about OT cyber risk is echoed across the industry.
Robert M. Lee, CEO and Co-founder of Dragos, warned that many organisations still lack visibility into their operational environments. “Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments,” he said. “The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer.”
According to Demain, addressing these risks requires a shift away from trying to retrofit IT security tools into OT environments. Instead, organisations need passive, observability-first monitoring that understands industrial protocols, control commands, and normal operational behaviour. “Security architectures must assume compromise,” he says. “In OT environments, detecting an attack in progress and having minutes to respond can be the difference between a contained incident and a production or safety catastrophe.”
