By Jeroen van Es
A few months ago, I had a conversation with a CEO who had recently faced a significant operational disruption due to a cyberattack on their OT (Operational Technology) systems. As we talked, I could see the stress of managing this crisis—lost productivity, damage control, and the daunting task of rebuilding trust with clients and stakeholders. His experience mirrors what many companies face today: OT systems that were never designed for modern digital connectivity are now prime targets for increasingly sophisticated cyber threats.
Reading Fortinet’s 2024 State of OT and Cybersecurity Report only reinforced what I’ve seen firsthand. The report makes one thing abundantly clear: cybersecurity in OT is no longer just a technical challenge. It requires the full attention and commitment of executive leadership. Here are five critical insights from the report that I believe every CEO, CFO, and business owner should take seriously.
1. Intrusions Are on the Rise
This year alone, 31% of organisations reported six or more cyber intrusions—a staggering increase from just 11% last year. These intrusions bring more than just IT headaches. They disrupt operations, lower productivity, and even damage reputations. For any business leader, these numbers should serve as a stark reminder: the threat to OT environments is real and intensifying. Now is the time to re-evaluate your company’s security posture to protect against these risks.
2. Leadership Must Step Up
In many organisations, OT cybersecurity is increasingly being handed to the Chief Information Security Officer (CISO). But while CISOs play a crucial role, their efforts alone aren’t enough. I believe executive leadership, including CEOs and CFOs, must engage directly in cybersecurity strategies. OT security isn’t simply an IT issue; it’s a business risk that can impact compliance, customer trust, and even the bottom line. Leaders need to ask themselves: Are we prepared for the risks? And if not, what will it take to get there?
3. Security Maturity Is Improving but Needs More Attention
The report shows promising signs that organisations are making strides in OT security, but there’s still a long way to go. Only 5% of companies currently have full visibility into their OT systems. This means that the vast majority of organisations are operating in the dark, leaving them vulnerable to a rapidly evolving threat landscape. Without a clear understanding of what’s happening within OT networks, defending against threats becomes nearly impossible.
4. Brand and Reputation at Risk
As a business leader, protecting your brand is non-negotiable. According to the report, more than half of the organisations affected by intrusions reported damage to their brand awareness. Regulatory requirements often mean that breaches must be disclosed, leading to negative publicity, reduced customer retention, and lost revenue. Nobody wants their company’s name associated with a cybersecurity breach. Just look at how negative press affected Crowdstrike—revenue and customer loyalty were impacted. Securing OT isn’t just about keeping operations running; it’s about protecting your reputation in the marketplace.
5. Investment in Cybersecurity Measures Is Essential
There is good news here: many organisations are starting to invest in critical cybersecurity tools. From internal network segmentation to role-based access controls, these measures are essential for keeping sensitive OT systems secure. As I often advise clients, the cost of not investing in cybersecurity far outweighs the expense. By prioritising these investments, companies are not only protecting their systems but are also strengthening their competitive edge.
A Call to Action for Business Leaders
As OT cybersecurity becomes a more critical part of business continuity, it’s time for CEOs and CFOs to lead the charge. Building a resilient organisation requires both robust technical defences and executive-level commitment. If there’s one lesson to take away from Fortinet’s report, it’s this: the responsibility for OT cybersecurity belongs in the boardroom.
At Nautilus OT, we work daily to empower organisations with the tools and insights needed to protect their OT environments. I believe that with the right leadership, businesses can not only safeguard their operations but thrive in today’s high-risk landscape.