A recent joint study conducted by VDC Research in collaboration with cybersecurity experts has thoroughly analyzed the current state of security in Operational Technology (OT), which encompasses the hardware and software systems that monitor and control physical processes in industrial environments.
The study, based on a sample of over 250 decision-makers in the energy, utilities, manufacturing, and transportation sectors, highlights key technical and strategic trends in the field of industrial cybersecurity.
Cross-Sector, High-Impact Economic Losses
The study paints a clear picture: the economic damage caused by an OT attack extends far beyond data loss or system compromise, encompassing a wide range of direct and indirect costs. Companies are often faced with:
• loss of revenue opportunities;
• unplanned production downtime;
• waste and inventory losses;
• damage to machinery and infrastructure;
• incident response expenses, including intervention by internal or external teams
potential extortion payments;
According to estimates, nearly 10% of respondents in the EMEA region believe that each individual OT cybersecurity attack could cause damages exceeding $5 million over a two-year period.
The Critical Issue: Unplanned Downtime
One of the most pressing issues highlighted by the study is unplanned downtime, often triggered by targeted attacks on OT infrastructure. 59.6% of survey participants reported that such disruptions last between 4 and 24 hours, significantly impacting productivity, revenue, and corporate reputation.
Production process interruptions not only affect daily operations but also undermine the trust of customers and stakeholders, making the need for a robust industrial cybersecurity strategy increasingly evident.
Toward a Culture of Industrial Cybersecurity
The growing sophistication of attacks and their ability to target complex and distributed systems demand a paradigm shift. OT security can no longer be considered a secondary or marginal concern—it must become an integral part of an organization’s overall strategy, with targeted investments in prevention, early detection, and effective incident response.
As various industry experts emphasize, neglecting cybersecurity means jeopardizing efforts to ensure operational continuity and safeguard profitability. The stakes are high, and the failure to act promptly could result in unsustainable losses for industrial enterprises.
To help businesses and public administrations strengthen their OT and IT security, microcyber provides concrete tools, specialized training, and technical consulting. These services are particularly geared toward supporting small and medium-sized enterprises and public entities in assessing cyber risk and adopting appropriate defense solutions—ultimately boosting the cyber resilience of both companies and the public sector.
