Sign in Subscribe

While boardrooms debate digital transformation strategies, their operational technology is under siege—and most don't even know it's happening.

The Sobering Reality of OT Cyber Risk

New World Economic Forum data reveals a crisis hiding in plain sight: 77% of energy and manufacturing companies suffered successful cyberattacks that compromised confidential data or disrupted operational technology (OT) in the past 12 months. Even more alarming—62% of successful attacks took more than one month to discover, with average recovery times stretching seven months.

But here's the real kicker: companies estimate that 41% of all attacks in their OT environments go completely undetected.

Original Article/Survey Information:

https://www.weforum.org/stories/2025/06/cyber-threats-energy-and-manufacturing-ot-technology/

Additional Analysis:

Why OT Cybersecurity Is Different—and More Critical

Unlike traditional IT systems that primarily handle data, operational technology controls physical processes—power grids, manufacturing lines, water treatment facilities, and chemical plants. When OT systems get compromised, the consequences extend far beyond data theft to include production shutdowns, safety hazards, supply chain disruptions, and even physical harm.

The survey reveals why OT environments are so vulnerable:

  • 50% of companies rate their own defenses poorly, capable of stopping little more than accidental misuse
  • Majority report their OT networks aren't properly segmented from corporate IT systems
  • Widespread use of devices with known vulnerabilities that often can't be patched without shutting down operations
  • 52% believe they're likely to suffer a successful OT attack in the next year

The Hidden Supply Chain Multiplier Effect

What makes this crisis particularly dangerous for supply chain professionals is the interconnected nature of industrial operations. When 24% of detected attacks require halts to OT workflows, the ripple effects cascade through entire supply networks.

Energy supply chains are especially vulnerable because disruptions anywhere in the value chain can cause chaos from producer to consumer. The April 2025 power outage affecting Portugal and Spain demonstrated how instability propagates across interconnections, disrupting millions of lives and livelihoods.

Advanced Strategies Beyond Basic OT Security

While traditional advice focuses on network segmentation and patch management, the organizations reducing their OT risk are implementing more sophisticated approaches:

OT-Specific Threat Intelligence: Moving beyond generic cyber feeds to understand attackers specifically targeting industrial control systems and SCADA environments

Zero Trust for Industrial Networks: Implementing microsegmentation that treats every OT device as potentially compromised, with continuous verification of access and behavior

Operational Resilience Planning: Developing detailed procedures for maintaining critical operations during extended cyber incidents, including manual overrides and alternative control mechanisms

Supply Chain OT Visibility: Mapping not just which suppliers have access to your corporate networks, but which have connectivity to your operational systems

AI-Powered Anomaly Detection: Deploying machine learning specifically trained on OT communication patterns to identify subtle indicators of compromise that traditional security tools miss

The Geopolitical Dimension

The threat landscape is intensifying due to geopolitical tensions. Nation-state actors like Volt Typhoon continue targeting energy, water, transportation, and communications infrastructure. As protectionism and isolationism increase, manufacturers must reconsider the security implications of equipment sourced during "friendly globalization" that may now represent hostile access vectors.

Strategic Questions for Supply Chain Leaders

  1. Do you have real-time visibility into which OT systems your suppliers can access?
  2. Can you maintain 60% operational capacity if your primary industrial control systems are offline for 30 days?
  3. How quickly can you isolate compromised OT segments without shutting down production?
  4. What's your financial exposure if key suppliers' manufacturing systems are compromised simultaneously?

Given that only 16% of detected OT attacks require regulatory reporting, the actual attack volume is approximately 10 times higher than publicly reported incidents suggest.

The Competitive Reality

With AI driving fresh demand for energy and manufacturing capacity, organizations that can demonstrate robust OT cybersecurity will capture market opportunities while competitors deal with disruptions. The survey shows companies are turning to technology innovation and managed services to deploy effective defenses in resource-constrained environments.

Critical insight: Organizations building comprehensive OT security frameworks now—before the next major incident—will have significant competitive advantages when supply chains get disrupted.

The data is clear: most energy and manufacturing companies are fighting a losing battle against OT cyber threats. The question isn't whether the next major attack will happen, but whether your supply chain will be among the 77% that get compromised, or the prepared minority that maintains operations when others can't.

How confident are you in your suppliers' operational technology security posture?

41% of OT Cyberattacks Go Completely Undetected (And Your Supply Chain Is Next)