OT Cybersecurity Becomes Critical Infrastructure Priority in 2026

Operational technology (OT) and cyber-physical systems (CPS) now sit at the centre of modern critical infrastructure. As organisations connect and modernise the systems people rely on every day, OT cybersecurity has become essential to maintaining safe and reliable operations.

“We often take services like energy, water, and manufacturing for granted,” said Michael Murphy, Director of Operational Technology, APAC, Fortinet.

“The impact only becomes clear when they go down. These systems control physical outcomes, so cybersecurity directly affects uptime, safety, supply chains, public trust, and national resilience.”

OT and IT Convergence Is Expanding Risk

Historically, IT teams focused on business systems while OT teams managed industrial operations. These environments operated independently, and OT systems remained largely isolated from external networks.

Today, that separation has disappeared.

Industrial systems now connect to enterprise networks, cloud platforms, and remote users. While this delivers greater visibility and operational efficiency, it also expands the attack surface.

As IT and OT environments continue to converge, cyber incidents can create physical consequences. As a result, OT cybersecurity has evolved from a technical issue into a business-critical concern.

“Many OT environments still rely on legacy systems that are not built with advanced cybersecurity in mind,” Murphy said.

“They often lack segmentation, rely on outdated protocols, and cannot be patched efficiently without disrupting operations. As digital transformation accelerates, they become part of a much larger attack surface when they connect to broader networks.”

Visibility Remains a Major Challenge

Many critical infrastructure organisations continue to struggle with visibility across their OT environments.

As networks become more connected, complexity increases. However, many organisations still lack a complete understanding of their OT assets and how those assets interact across networks.

“Detecting unusual behaviour or responding effectively to potential threats is challenging without that visibility baseline,” Murphy said.

Legacy systems remain deeply embedded across industrial environments. While these systems are often stable and essential to operations, replacing or upgrading them is not always practical. In addition, misalignment between IT and OT teams can make security initiatives harder to implement.

Why Operational Resilience Matters More Than Perfection

Critical infrastructure organisations cannot eliminate cyber risk entirely.

Instead, they must focus on building resilient systems that can detect threats early, contain attacks, minimise operational disruption, and recover quickly.

“Ransomware groups are targeting operations and no longer focus solely on data theft,” Murphy said.

“They recognise that downtime and disruption carry a direct financial impact, meaning manufacturing, logistics, and other industrial sectors are now high-value targets. Cyber risk is now operational risk.”

At the same time, nation-state actors continue to target critical infrastructure for espionage, disruption, and strategic advantage.

These adversaries often spend significant time gaining access to and understanding their targets before launching attacks.

Strengthening OT Cybersecurity Foundations

The growing use of automation and artificial intelligence is enabling attackers to operate faster and at greater scale. Consequently, organisations have less time to detect and respond to threats.

Murphy believes organisations must strengthen the foundations of OT cybersecurity.

“This requires clear visibility across assets, networks, and system behaviour,” he said.

“Without this baseline, organisations struggle to prioritise risk or respond effectively.”

Network segmentation also plays a vital role in reducing risk. By separating systems and controlling access between environments, organisations can contain threats and reduce the likelihood of widespread disruption.

IT and OT Alignment Is Essential

Successful OT cybersecurity requires close collaboration between IT and OT teams.

Security initiatives must support operational priorities rather than compete with them. This requires shared ownership, strong governance, and a common understanding of risk across the organisation.

As industrial environments continue to evolve, this alignment will become even more important.

The Future of OT Cybersecurity in 2026 and Beyond

Looking ahead, the challenges facing critical infrastructure operators are expected to intensify.

As organisations adopt AI-driven processes, expand connectivity, and modernise infrastructure, the gap between digital transformation and cybersecurity maturity is likely to widen.

“OT cybersecurity is no longer a niche technical issue,” Murphy said.

“It is a business, safety, and resilience priority at the centre of critical infrastructure. The focus is no longer just on protecting systems. It is about maintaining operational resilience in a connected, AI-driven world through visibility and alignment.”

About Cyber News Live

Stay ahead with Cyber News Live! First, we deliver real-time reporting and sharp threat intelligence. Additionally, we provide educational content for professionals, practitioners, and curious minds. From there, whether it’s breaking breach alerts or deep dives into attack vectors, we cover it all. Ultimately, our mission is clear: we make complex cyber topics understandable. And beyond that, we ensure critical knowledge stays accessible to everyone.