Emerging risks

Geopolitical shifts amplify OT security risks

  • Insight
  • 7 minute read
  • January 19, 2026

Operational technology (OT) has become a major target in geopolitical cyber conflicts, increasing the risk to critical infrastructure and business operations. To guard against these threats, organisations should align leadership on responsibilities and resources, implement strong network segmentation, and achieve clear visibility across their environments.

Industrial and critical infrastructure systems are facing mounting cyberattacks from foreign adversaries, cybercriminals, and activists. Malware targeting OT environments is becoming more sophisticated and AI-enabled, disrupting numerous areas from energy grids to manufacturing and logistics. Nation-state rivals are running long-term campaigns, using credential harvesting and living-off-the-land (LOTL) tactics to infiltrate IT and OT systems for sabotage and/or espionage. Recognising these evolving threats, the US and other countries recently issued joint guidance outlining principles for the secure integration of AI into operational technology to help reduce emerging risks.

Some examples of recent OT attacks:

  • Jaguar Land Rover manufacturing disruption (March 2025): A cyberattack disabled manufacturing operations, causing major production outages and exposing vulnerabilities within automotive supply chains.
  • US water and wastewater infrastructure exploitation (September 2024): Threat actors used basic tactics to exploit vulnerabilities in critical water and wastewater systems, underscoring ongoing risks to essential services.
  • Ukraine power grid attacks (2024–2025): Multiple cyberattacks throughout this period disrupted power distribution, leading to significant outages and highlighting the vulnerability of energy infrastructure in conflict zones.
  • US electrical substation attacks (2023): Cyber intrusions targeted substations in California and North Carolina, raising alarms over the security of the nation’s electrical grid.
  • Israel-Iran cyber conflict (2024–2025): Ongoing cyberattacks targeting critical infrastructure illustrate the geopolitical tensions and risks to OT environments in this region.


As these threats to OT environments evolve, security strategies are being tested, leaving many organisations struggling to protect critical systems. The challenges often go beyond individual threats, touching on weaknesses in governance, operations, compliance, and physical security that form an interconnected web of vulnerability. Understanding where these pressures collide is key to moving from reactive firefighting to proactive, resilient security.

  • OT systems are continuing to become entangled in global cyber conflict. In some cases, they’re the intended target; in others, they’re collateral damage.
      ◦ Critical national infrastructure (CNI) and non-CNI organisations continue to face challenges with vulnerable OT systems and limited protection mechanisms.
      ◦ CNI organisations like energy, utilities and transportation are increasingly becoming strategic cyber targets.
      ◦ Non-CNI companies like manufacturing, aerospace, and consumer products face spillover risk due to similar challenges and shared original equipment manufacturer (OEM) components and supply chains.
      ◦ Modern ransomware groups are increasingly targeting OT environments to encrypt IT assets and disrupt OT production and safety systems.
  • Governments and industry groups are issuing stricter cyber and OT-specific security requirements and standards, but not consistently across borders. This variability can create challenges for regulatory change management and compliance programmes.
      ◦ NIS2 (EU) expands mandatory controls for critical infrastructure organisations, as well as incident reporting timelines and executive accountability.
      ◦ CISA, TSA and EPA (US) are introducing OT-specific expectations for resilience and incident response.
      ◦ IEC 62443 is becoming a global cyber standard for industrial automation and control systems (IACS), but adoption varies widely. A recent update further highlights the importance of adopting consistent standards across CNI industries.
  • Tech debt from decades-old OT systems is being connected to modern digital infrastructure, without the cyber maturity to match.
      ◦ Many OT environments were designed with a focus on operational efficiency, not security.
      ◦ Third-party integrators, vendors, and maintenance providers often access OT networks, frequently remotely, which can extend the attack surface and introduce risks that are difficult to monitor or control. High-profile supply chain attacks like SolarWinds and MOVEit have demonstrated how these vulnerabilities can have major downstream impacts on OT environments.
      ◦ The adoption of edge computing for on-site analytics and data modelling can create new, highly connected endpoints inside OT environments, often without the same hardened security controls applied to core systems.
  • OT systems often require people on-site to operate and maintain them, making physical access a key risk. Unlike IT systems housed in secure data centres, OT equipment can be spread across many sites with varying security controls.
      ◦ OT assets are located in factories, plants and other critical infrastructure sites that often lack strong physical security or monitoring controls.
      ◦ People on site, including operators, contractors and vendors, can bypass controls or make errors that put systems at risk.
      ◦ Physical access can give attackers a way to directly connect to devices (USB plug-and-play, direct connection, etc.), tamper with equipment, or introduce malware.

Commonly overlooked aspects of OT cybersecurity

While many organisations are making progress on OT cybersecurity, significant gaps can still hide in plain sight. These aren’t technical lapses; they’re governance, visibility, and organisational weaknesses that can undermine otherwise strong security measures.

  1. IT/OT convergence
    IT and OT systems continue to converge, sharing networks, data flows, and infrastructure. Although OT environments are critical for revenue-generating processes and outputs, many organisations treat OT as a domain that's separate from or subordinate to IT. This can lead to uneven security safeguards, uneven investment in remediation, and uneven allocation of resources to address the issue. What’s more, convergence introduces pathways for IT-based threats to reach critical OT assets (and vice versa), often without adequate segmentation, visibility or protection.

    To address these vulnerabilities, start by designing your strategy around the operational impact of convergence. Build the case for investment in OT cybersecurity as a way to protect revenue-generating assets. Approach IT/OT convergence with security as a priority. Keep OT environments and network services as separate as possible to help reduce the attack surface and limit the potential blast radius.
  2. OT asset management
    Many OT environments lack strong asset inventories due to limited network visibility, unmanaged networks, and a shortage of telemetry compatible with modern SIEM or network detection tools. Moreover, aging OT equipment often cannot tolerate intrusive monitoring, restricting the use of active discovery methods. Without overall visibility, it can become challenging to apply security measures across the environment.

    To overcome these challenges, prioritise implementing OT network security monitoring (NSM) solutions that enable passive scanning of network traffic. This approach helps generate reliable asset inventories, identify vulnerabilities and produce alerts that can be used to identify, monitor, and respond to threats within your connected OT environment.
  3. Security ownership and skills
    While responsibility for OT cybersecurity typically falls to the CISO, accountability for risk typically spans security, operations, engineering, and compliance. This fragmentation can lead to funding gaps, decision-making paralysis, and disorganised incident response. It can also undermine efforts to attract and retain the specialised, hybrid talent that OT environments require. Many organisations struggle to find specialists who understand the unique mix of engineering, safety, and IT constraints. Without focused investment in training and development, and leadership commitment to these efforts, gaps in skills and collaboration will likely continue to undermine OT security.

    Getting ahead of this can require assigning clear executive ownership with budget authority. It also requires developing specialised OT skills through cross-training and practical learning opportunities.
  4. Vendor transparency and risk
    Many critical OT systems are managed through opaque vendor relationships. OEMs control firmware updates, diagnostics access, and visibility into device behaviour. This can leave internal teams with limited ability to investigate incidents, monitor assets, or confirm controls.

    To manage this risk, confirm that your vendor SLAs include strong transparency and security provisions. Push for shared telemetry and access standards.
  5. OT network segmentation
    OT and IT networks are often commingled across flat networks, leaving both sides susceptible to attacks. OT network segmentation divides an organisation’s OT environment into isolated security zones, helping reduce the risk of threats spreading across critical assets and processes. This structured approach can strengthen defences by containing potential breaches, maintaining continuity of essential operations and reducing financial impact during an attack.

    To implement segmentation within your OT environment, divide the shopfloor into multiple security zones. This helps to contain potential breaches, protect critical processes, and reduce operational disruption in the event of an attack.
  6. Cloud connectivity and edge devices
    As part of digital transformation initiatives, organisations are pushing to move operational data and control capabilities to the cloud for predictive maintenance, AI-driven optimisation and remote operations. This can introduce new dependencies on internet connectivity, third-party cloud security, and identity federation across previously isolated environments.

    As digital transformation initiatives continue to increase connectivity within operational environments, it’s important to build cybersecurity into your transformation plans by design. Incorporate network segmentation controls, where technically feasible, and monitor advancements in edge security standards (e.g., OPAS standards).
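As an added illustration (not code from the article or its authors) of the passive network security monitoring recommended under item 2 and the zone-based segmentation under item 5: a passive sensor builds an asset inventory from observed flows, without probing aging OT devices, and checks each cross-zone flow against an allowed-conduit policy. The zone layout, conduit policy and flow records are constructed assumptions; the port map lists well-known industrial protocol ports.

```python
import ipaddress
from collections import defaultdict

# Assumed zone layout (constructed for this example): CIDR -> zone name.
ZONES = {"10.0.0.0/16": "enterprise-it", "10.10.0.0/24": "ot-dmz", "192.168.100.0/24": "ot-control"}
# Assumed allowed conduits: a flow may cross zones only along one of these (src_zone, dst_zone) pairs.
ALLOWED_CONDUITS = {("enterprise-it", "ot-dmz"), ("ot-dmz", "ot-control")}
# Well-known industrial protocol ports, used to label what an asset speaks without probing it.
PROTOCOL_PORTS = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3", 4840: "OPC UA", 44818: "EtherNet/IP"}

# Constructed flow records as a passive sensor on a SPAN/mirror port would summarise them:
# (src_ip, dst_ip, dst_port). No packets are sent to the OT devices themselves.
FLOWS = [
    ("10.10.0.5", "192.168.100.20", 502),       # DMZ historian polling a PLC over an allowed conduit
    ("10.0.3.14", "192.168.100.20", 502),       # IT workstation reaching the PLC directly
    ("192.168.100.21", "192.168.100.20", 102),  # controller-to-controller traffic inside one zone
    ("172.16.9.9", "192.168.100.22", 44818),    # address outside every known zone: an unmanaged asset
]

def zone_of(ip):
    """Map an address to its zone; anything outside the known zones is reported as 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def build_inventory(flows):
    """Passive asset inventory: every address seen, its zone, and the protocols it serves."""
    inventory = defaultdict(lambda: {"zone": "unknown", "protocols": set()})
    for src, dst, port in flows:
        for ip in (src, dst):
            inventory[ip]["zone"] = zone_of(ip)
        proto = PROTOCOL_PORTS.get(port)
        if proto:
            inventory[dst]["protocols"].add(proto)  # the destination is the device serving the protocol
    return dict(inventory)

def check_conduits(flows):
    """Alert on cross-zone flows outside an allowed conduit and on flows touching unknown assets."""
    alerts = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if "unknown" in (sz, dz):
            alerts.append(f"unmanaged asset: {src} -> {dst}:{port} ({sz} -> {dz})")
        elif sz != dz and (sz, dz) not in ALLOWED_CONDUITS:
            alerts.append(f"segmentation violation: {src} -> {dst}:{port} ({sz} -> {dz})")
    return alerts
```

Running `check_conduits(FLOWS)` on the sample flows yields one segmentation violation (the IT workstation talking Modbus straight to the PLC) and one unmanaged-asset alert; `build_inventory(FLOWS)` records all six addresses with the protocols each device was seen serving.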

Building adaptable OT cybersecurity capabilities

Securing OT isn’t a one-time project; it’s an evolving discipline. Organisations should move beyond reactive fixes and toward a scalable, forward-looking OT cybersecurity programme. Below is a four-tiered approach to secure your OT environments, with each level building the technical and governance maturity required for long-term resilience.

Maturity model

[Figure: Building adaptable OT cybersecurity capabilities]

Build the essential infrastructure and visibility required to secure core IT environments.

  • Asset visibility and monitoring: Establish continuous, real-time monitoring of OT devices and systems, including unmanaged and vendor-owned assets, to create a correct and dynamic understanding of your operational environment and enable cyber monitoring.
  • Governance: Develop and implement a formal OT cybersecurity governance framework that defines operational models, clarifies roles and responsibilities using RACI matrices, establishes robust policies and sets enforceable standards with executive oversight.
  • Incident response plans: Build OT-specific playbooks for cyber events that involve industrial systems and run cross-functional tabletop exercises.
  • Board-level oversight: Include OT cyber risk in board-level risk reporting and strategic planning discussions.

Move from visibility to response. Strengthen operational readiness to detect and contain threats.

  • Network segmentation: Create strong perimeters between IT and OT networks to prevent cross-contamination and lateral threat movement.
  • Vulnerability management: Identify and assess known vulnerabilities in OT systems, even when patching isn’t possible, and apply compensating controls.
  • Secure remote access: Implement strong remote access controls tailored for OT environments, including multifactor authentication, encrypted communication channels, and strict access permissions to protect against unauthorised intrusion.
  • Integrated risk management: Embed OT cybersecurity risk management into the broader enterprise risk framework, creating continuous identification, assessment, and mitigation of OT-specific risks aligned with business objectives.

Shift from detection to proactive defence, reducing attacker dwell time and enhancing visibility.

  • Threat detection: Deploy sensors and analytics to monitor for abnormal behaviour across OT environments.
  • Resiliency: Design backups to be secure and tested to restore operations after a cyber event, not just a technical failure.
  • Identity and access management and active directory segmentation: Implement strong IAM controls and segment directory services to limit access and reduce the attack surface within OT environments.
  • Micro-segmentation within OT networks: Limit movement within OT environments by creating internal zones of control tied to function and risk.

Embed OT cybersecurity into enterprise risk and governance structures at the highest level.

  • Metrics and automated reporting: Define and track key OT cybersecurity performance indicators, and implement automated reporting systems to provide timely, actionable insights for continuous improvement and executive oversight.
  • Targeted training and awareness: Develop and deliver specialised training programmes focused on OT cybersecurity risks, leading practices, and operational constraints to build staff competence and reduce human error.
  • Third-party risk management: Establish rigorous processes to assess and manage cybersecurity risks posed by OT vendors and service providers, including contract requirements, transparency, and shared security responsibilities.
  • Compliance certification readiness: Prepare for formal audits or certifications tied to industry standards (e.g., NIS2, IEC 62443, ISO 27001 extensions).


Contributors

Sean Joyce, Partner, Global Cybersecurity & Privacy Leader, PwC United States

Harshul Joshi, Principal, Cyber, Risk and Regulatory, PwC United States

Morgan Adamski, Principal, Deputy Platform Leader, Cyber, Data, and Tech Risk, PwC United States

Sean Sutton, Partner, Operational Technology and Cybersecurity, PwC United Kingdom

Omar Sherin, Partner, PwC Middle East

Amanjit Makesh, Partner, Cybersecurity, PwC India

Yoshihisa Uemura, Partner, Consulting, PwC Japan

Scott Schill, Director, Cybersecurity & Privacy, PwC United States
