e2e-assure has warned that many organisations are still attempting to secure operational technology environments with tools and processes designed for conventional IT, leaving gaps in industrial cyber response.
The SOC-as-a-service provider said its research found that 32% of surveyed IT decision makers rely on detection platforms originally built for IT and adapted for OT. OT environments are often built around availability, safety, process continuity, and legacy control systems, while enterprise IT security is typically shaped by patching, endpoints, identity, and data protection.
The same study found that 63% of IT decision makers reported cyber incidents over the past 12 months that caused direct operational downtime or affected critical OT and industrial control system environments. e2e-assure said the figures show that industrial cyber incidents are already disrupting live operations.
“Most adapted IT platforms struggle in OT because they’re still thinking like IT tools. They can identify anomalies, but they often have no understanding of the business impact they have. OT downtime isn’t just a network problem; it’s a process problem, and if you can’t interpret what an alert means for a running plant or production line, you’re not preventing downtime, you’re just creating noise,” said Richard Groome, OT Cybersecurity Specialist at e2e-assure.
The research also identified weaknesses in how security teams coordinate response across converged estates. Twenty-eight percent of respondents still rely on manual or ad hoc coordination between IT and OT security teams, while 37% operate a shared platform for both environments but still need deeper technical integration.
Visibility remains limited across many industrial control environments. Only 15% of surveyed organisations have deployed passive visibility tools specifically designed for industrial control systems, leaving many teams without the operational context required to interpret alerts against live production, process safety, or uptime requirements.
Cloud connectivity is also increasing across operational environments. e2e-assure found that 70% of organisations have now fully or largely integrated cloud-connected environments into their IT/OT security strategies. Without stronger visibility and coordinated response, more connected infrastructure can increase exposure faster than teams can act on it.
“The volume of data being ingested is often not understood or actionable, meaning incidents may still be missed. More connected does not automatically mean more secure, particularly where exposure increases faster than coordinated response capability,” Groome added.
Training and role clarity are moving up the investment list, with 63% of leaders increasing budgets in that area. e2e-assure said OT security programmes now need purpose-built visibility, clearer ownership, and response processes that match the operational realities of industrial environments.
