Most firms use IT tools for OT security, study finds

e2e-assure has published research showing that nearly one in three organisations rely on IT detection platforms adapted for operational technology. The study surveyed 250 cybersecurity decision-makers across manufacturing, utilities, transport, government and defence.

The findings highlight a gap between the tools many organisations use to monitor industrial environments and the demands of OT and industrial control systems. Some 32 per cent of respondents said they rely on detection platforms built for IT and later adapted for OT, while only 15 per cent have deployed passive visibility tools designed specifically for industrial control systems.

This shortfall comes amid disruption from cyber incidents. Among those surveyed, 63 per cent said incidents in the past year had caused direct operational downtime or affected critical OT or ICS systems.

Coordination gaps

The study also highlights weaknesses in how organisations manage security across converged IT and OT environments. It found that 28 per cent still depend on manual or ad hoc coordination between IT and OT security teams, while 37 per cent use a shared platform across both environments.

These figures suggest many businesses have yet to establish a joined-up approach to incident handling in operational settings, where response times and system visibility can directly affect production and services.

Richard Groome, OT Cybersecurity Specialist at e2e-assure, said: "Most adapted IT platforms struggle in OT because they're still thinking like IT tools. They can identify anomalies, but they often have no understanding of their business impact. OT downtime isn't just a network problem; it's a process problem. If you can't interpret what an alert means for a running plant or production line, you're not preventing downtime, you're just creating noise."

The research argues that extending established IT security platforms into OT environments can leave teams with large volumes of data but limited understanding of its operational meaning. In practice, that can make it harder to assess whether an alert threatens a live process, production line or critical service.

Connectivity is adding further pressure. The survey found that 70 per cent of organisations have fully or largely integrated cloud-connected environments into their IT and OT security strategies, increasing the complexity of managing exposure across systems designed with different priorities.

Groome said: "The volume of data being ingested is often not understood or actionable, meaning incidents may still be missed. More connected does not automatically mean more secure, particularly where exposure increases faster than coordinated response capability."

Rising costs

The financial impact of OT disruption also featured in the findings. Previously shared research found that 23 per cent of the most severe OT downtime incidents cost more than £1 million, while 6 per cent exceeded £5 million.

That cost backdrop appears to be influencing spending priorities. The survey found that 63 per cent of leaders are increasing budgets for workforce training and role clarity, making this the most commonly prioritised area for additional investment.

The focus on training suggests some organisations see the problem as extending beyond technology procurement. Where IT and OT teams follow different processes or lack a shared picture of incidents, the issue may lie as much in internal coordination and decision-making as in the monitoring tools themselves.

Supply chain risk is also emerging as a greater concern in OT security programmes following recent breaches, according to the study. That reflects the dependence of many industrial and public sector operators on external vendors, software providers and maintenance partners that connect into operational environments.

The research was conducted by Censuswide among cybersecurity decision-makers at organisations with between 250 and 10,000 employees. Respondents came from sectors including food manufacturing, automotive, aerospace, energy, utilities, telecoms, retail, pharmaceuticals, central government, local government and life sciences.

Across those sectors, the findings indicate that many organisations are still trying to bridge the divide between conventional IT security practices and the operational realities of industrial systems. With only a minority using OT-specific visibility tools and more than a quarter still relying on manual coordination between teams, the data points to persistent operational blind spots as cyber incidents continue to disrupt critical systems.