News & Views

Adaptive AI tools leave firms exposed to attack

Nearly 70% of organizations rely on adapted IT cybersecurity standards for operational technology (OT), despite OT requiring a specialized approach – creating a preparedness gap that increases cyberattack risk, according to new research from SOC-as-a-service provider e2e-assure.

The findings show that 32% of surveyed IT Decision Makers admit they currently rely on detection platforms originally built for IT and “adapted” for OT. This puts organizations at risk, as many are still trying to secure industrial environments with tools not designed to understand them. “This is concerning given that 63% of IT decision makers also cited that cyber incidents in the past 12 months resulted in direct operational downtime or impacted critical OT/ICS systems,” comments Richard Groome, OT Cybersecurity Specialist, e2e-assure.

“Most adapted IT platforms struggle in OT because they’re still thinking like IT tools. They can identify anomalies, but they often have no understanding of the business impact they have. OT downtime isn’t just a network problem; it’s a process problem, and if you can’t interpret what an alert means for a running plant or production line, you’re not preventing downtime, you’re just creating noise.”

The research highlights structural weaknesses in managing incidents across converged environments, with 28% of respondents saying they still rely on manual or ad hoc coordination between IT and OT security teams, while a further 37% say full technical integration remains a priority despite using a shared IT/OT platform.

“While extending IT platforms into OT is an obvious route to take, it creates a critical preparedness gap where organizations may have large volumes of data but lack the visibility needed to understand what it means in an operational context,” continues Groome. “Without clear insight, teams are unable to interpret alerts or assess their impact on live environments, limiting their ability to act decisively. This is compounded by the fact that our research reveals that only 15% have deployed passive visibility tools specifically designed for industrial control systems, leaving many organizations without the real-time visibility required to translate data into actionable intelligence and reduce operational risk.”

The challenge becomes more acute as connectivity expands. “The volume of data being ingested is often not understood or actionable, meaning incidents may still be missed. More connected does not automatically mean more secure, particularly where exposure increases faster than coordinated response capability,” adds Groome.

“Organizations are beginning to recognize that the challenge is not simply a lack of technology, but how effectively it is used, and it is encouraging to see that 63% of leaders are increasing budgets for workforce training and role clarity, the highest prioritized budget area.”

The research also highlights shifting priorities across OT security programmes, with supply chain risk emerging as a key area of investment following recent breaches. Investment now is critical, given that previously shared findings showed the financial consequences of these preparedness gaps are rising, with almost a quarter (23%) of the most severe OT downtime incidents costing over £1 million, and 6% of incidents exceeding the £5 million mark.
