For manufacturing organizations throughout Europe, the Middle East, and Africa (EMEA), the rapidly changing cyber threat landscape has made it ever so important to establish a strong OT (operational technology) security program. OT systems, once isolated, are gaining access to the Internet and are thus vulnerable to a wide spectrum of threats, including ransomware, cybercriminals, terrorist actors, or even state-sponsored actors. Embedding OT security maturity into operational and cultural processes is essential to counter modern cyber threats. Security setting for manufacturers, especially SMEs, starts with learning their threat profile and adapting risk-mitigation plans that combine cyber and process safety principles.
Process safety has been an integral part of industrial operations for the past several decades. Its approach has immense value as a model in OT cybersecurity. One may identify critical assets, assess potential impact, impose controls, and integrate cybersecurity requirements into an already existing process safety procedure to provide manufacturers with continuity and resiliency. Besides integrating safety and security, this approach intensifies protection levels while also making it easier to comply with increasing regulatory requirements from NIS2 to IEC 62443 and build a culture of security and responsibility among manufacturers.
When it comes to OT security maturity, pragmatic measures that are easily implementable by resource-constrained SME manufacturers are the name of the game. Setting up an asset visibility program, network segmentation, and simple threat detection can attain significant value without requiring massive overhauls. Meanwhile, cultural alignment across IT and OT teams is essential. History-level differences among these functions, with risk ownership sharing, direct communication, and shared objectives, are usually glossed down by the enlightened CISOs and plant managers.
Organizations must recognize that advancing OT security maturity is not merely a technical activity—it is the cybersecurity ingrained in the operational DNA of manufacturing. They can then begin aligning cyber objectives with safety and productivity, emphasizing collaborative efforts between IT and OT and respecting established standards to ensure a credible and future-ready defense posture. This is not a path one journeys in a straight line- there are indeed zigzags, but small manufacturers can chart the path to maturity in OT security, balancing safety, compliance, and operational excellence with commitment and clarity.
Developed by practitioners, for practitioners, the first ‘Industrial Cyber Days Manufacturing’ conference, focused on the EMEA region, will tackle these challenges, among others. Unique as the sole virtual manufacturing cybersecurity conference, presenting a vast quantity of actionable content, the conference provides real-world applicability by tackling urgent OT cybersecurity challenges head-on and presenting the latest thinking on scaling security across operations, from small and medium-sized manufacturers to large-scale enterprises.
Attendees can anticipate real-time, actionable insights, leaving with plans and solutions prepared to execute the following day. They will benefit from a collaborative community experience, convening leading manufacturing CISOs, OT cybersecurity professionals, and energetic panels dedicated to creating an industrially resilient ecosystem. Attendees will feel inspired by the power of community and peer-to-peer sharing of knowledge, making this an unusually valuable experience in the manufacturing cybersecurity space.
Weighing in on OT threats, risk strategies across EMEA
Industrial Cyber reached out to industry executives to explore how evolving threats, particularly those targeting OT environments, influence manufacturers across EMEA to rethink their approaches to risk management and operational resilience.
“Due to the inherent nature of tight IT/OT integration in manufacturing, the vertical is facing a continuation of threats that are causing production impacts,” Mike Hoffman, technical leader at Dragos, told Industrial Cyber. “As an example, in the 2025 Dragos YIR report, the number of ransomware attacks increased 87% in 2024, and manufacturing was involved in 69% of 1693 incidents during the last year. Over 75% of the cases involved some sort of operational disruption.”
He pointed out that leadership in manufacturing is starting to act on these threats and increasing network-based detection capabilities, signing up for OT specific incident response retainers, and increasing backup and recovery capabilities.
Saltanat Mashirova, product management lead at Honeywell, mentioned that operational resilience is becoming a key priority for manufacturers across EMEA, especially as they adopt emerging technologies like cloud, AI, cloud-based access control, etc.
“To address evolving OT threats, organizations must build resilience from the ground up,” Mashirova told Industrial Cyber. “They should enhance incident response, invest in OT continuous monitoring, and promote cross-functional collaboration to improve operational resilience while ensuring business continuity and compliance in an increasingly hostile cyber environment.”
“Manufacturers throughout the region are increasingly recognizing that cyber threats are rapidly shifting toward OT environments,” Claudio Sangaletti, OT leader at medmix, told Industrial Cyber. “In response, many companies are proactively developing and implementing comprehensive OT security programs. These initiatives aim not only to safeguard critical assets but also to establish robust business recovery plans to swiftly address and mitigate the impacts of potential attacks.”
He added that by prioritizing OT security, organizations can enhance their resilience in the face of evolving cyber risks.
Andres Prieto Anton, an industrial cybersecurity expert, told Industrial Cyber that across EMEA, the rise of ransomware and nation-state threats targeting OT has reshaped manufacturers’ approach to risk. “Unlike IT, OT systems often run legacy assets not designed with security in mind, making them vulnerable. As a result, we’re seeing a shift from reactive incident response to proactive risk management.”
“Manufacturing companies are embedding cybersecurity into operational resilience plans, treating it not just as a technical issue but a business continuity imperative,” Anton said. “The focus is increasingly on visibility, segmentation, and building collaboration between teams that understand both cybersecurity and industrial operations.”
“This discussion is now involving multiple stakeholders within the organization, and also a tighter bond with the suppliers and vendors to be resilient,” Jeba Renold, OT security expert at Covestro, told Industrial Cyber. “Also, setting up a resilient cyber program involving multiple disciplines within the organisation helps set a growth path to the evolving threats.”
Embedding Process Safety into Cyber Strategy to Drive OT Security Maturity
Drawing on their regional experience, the executives discussed some of the most effective ways organizations are extending traditional process safety principles into the cyber domain. They also addressed why this shift has become increasingly critical in today’s threat landscape.
Mashirova observed that plants adhere to risk criteria for losses, defined by regulatory agencies or industrial organizations that are responsible for ensuring safe operation of plants. “These risk criteria (environmental, individual, societal, and financial) are independent of the cause of the loss. It can be triggered by a safety issue, or it can be triggered by a cyber-attack. The severity of the loss is the risk tolerance criterion. Not only does safety need to meet these criteria, but also cybersecurity needs to meet these criteria, because the consequences of a cyber attack are similar loss like a process safety incident.
She added that this shift is crucial due to increasing digitalization and connectivity in processes. “For example, if we take a greenfield project now, and analyze loss scenarios, the hackable loss scenarios might reach 70%-80% because the automation systems are increasingly using virtualization, virtual I/O, etc.”
“Operational resiliency should always be at the forefront of asset owners’ and operators’ minds,” Hoffman said. “Working together as a holistic team to identify critical systems, also known as ‘crown jewels,’ is essential to understanding where preventative, detective, or response controls should be focused.”
He added that OT cybersecurity is not a technical issue on its own, run by isolated teams. It requires an understanding of operations and working with operations and engineering to ensure plans and systems are well defended.
Sangaletti said, unfortunately, many companies still struggle to recognize that a cyber incident can significantly compromise both safety and security. “One of the crucial first steps for any organization is to implement a robust awareness program aimed at educating employees about this critical issue. It’s essential for everyone to understand that an incident in the OT sector can put lives at risk and threaten valuable assets. This awareness is not just an organizational necessity; it represents a fundamental shift in mentality that can ultimately safeguard both personnel and operations.”
He noted that embracing this change is vital for fostering a culture of security that prioritizes proactive measures and preparedness in the face of potential threats.
“Organizations are increasingly embedding cybersecurity into traditional process frameworks, recognizing that cyber threats can cause real-world physical consequences,” Anton mentioned. “By treating cyber risks as safety risks—alongside fire, explosion, or equipment failure—they’re able to use familiar tools like risk matrices and safety cases to assess and mitigate threats. This collaboration between engineers and dedicated cybersecurity teams makes cyber more tangible for operations. It’s a critical shift, especially as connected systems grow and the line between digital compromise and physical impact continues to blur.”
Renold observed that it is an added step in the planning and execution, but this discussion is now taken up with the vendors and suppliers, too. It is very much needed to have security by design, at least at the early stages of the project.
Practical paths to OT Security maturity for SME manufacturers
For small and mid-sized manufacturers, the journey to OT security maturity can look very different. The executives offer practical advice on building sustainable programs that align with limited resources and the realities of daily operations.
Hoffman said that in the last few years, SANS has worked hard to understand what security controls could have reduced the impact of known attacks against critical infrastructure.
From that work, Tim Conway and Rob M. Lee created the 5 Critical Controls for ICS/OT Cybersecurity for organizations to begin to immediately apply in their environments to reduce the impacts from cyber threats to operations. The controls are:
- ICS Incident Response Plan
- Defensible Architecture
- ICS Network Minitory Visibility
- Secure Remote Access
- Risk-based Vulnerability Management
“For organizations of any size, these controls provide a guiding light to begin to implement, starting with an IR plan that could be worked on today,” Hoffman added. “Other controls may take more time and money, but they are key to implement in order to ensure a defended environment.”
Mashirova identified that there are several approaches here. “Manufacturers could choose a controls-based route, and select fundamental controls from ISA 62443 and NIST 800-82 to follow. A more risk-based approach would be to start identifying the most critical functions, such as BPCS, SIS, or EMS, that would have the highest impact if compromised. Cybersecurity investment can then be made based on these critical areas. Partnering with trusted MSSPs can help bridge resource gaps.”
Additionally, she stated that collaborating with industry partners and participating in information-sharing networks can keep manufacturers informed about emerging threats and best practices. Starting small, building incrementally, and aligning cybersecurity with operational goals will ensure long-term sustainability within budget and workforce limitations.
“When developing an OT security program, the size of your company plays a crucial role. Small and midsize enterprises often lack the financial and human resources to establish a program akin to that of larger corporations,” Sangaletti said. “Therefore, my recommendation is to focus on achievable objectives and foster a culture of security awareness among employees. It’s essential to prioritize processes that can be easily implemented by staff rather than investing in complex, high-cost tools that may require extensive budgets and commitment.”
He added that by cultivating an informed workforce and promoting security best practices, organizations can create a resilient foundation for their OT security, tailored to their unique needs and capacities.
“The path to OT security maturity starts with clarity and focus. Begin by identifying critical assets and understanding how they connect and operate—this forms the foundation,” according to Anton. “From there, implement basic but high-impact controls: network segmentation, secure remote access, and network visibility. Instead of aiming for perfection, take an incremental approach using standards like IEC 62443 to guide progress. Most importantly, embed cybersecurity into people, daily operations, and leadership agendas—when it becomes part of the personal/business mindset, resilience becomes achievable and lasting.”
“Plan the cybersecurity journey with a holistic approach,” Renold said. “Addressing existing issues with future perspective and the upcoming projects to be planned with the lessons learnt from the previous infrastructure.”
Aligning IT/OT Culture to Accelerate OT Security Maturity
As IT/OT convergence continues across many sectors, executives shared how organizations in their countries and industries manage the cultural shift, particularly in aligning cybersecurity goals across engineering, operations, and IT.
Hoffman disclosed that many manufacturing organizations are being pushed to boost operational efficiency and profitability by adopting AI and cloud technologies. “While these innovations offer major advantages, they also increase cyber risks and reliance on IT systems. As a result, cross-functional collaboration among operations, engineering, IT, and OT security teams is growing to both harness these capabilities and mitigate new threats.”
He added that this shift is driving a cultural change where all team members are valued and empowered to voice concerns, ensuring informed and inclusive decision-making.
Identifying that the process begins with an initial workshop, Mashirova said that to determine what needs protection, how to protect it, and why it should be protected, all stakeholders, such as engineers, operators, safety teams, IT teams, and CISOs, should participate in the workshop together.
“The operation team explains the function of each component, safety teams discuss loss scenarios and initiating event frequencies along with safeguards, while IT professionals outline how technologies manage these processes,” she added. “Following this workshop, a proper functional scope, data flow diagrams with channels, critical assessment, cyber-attack scenarios, and more can be developed, establishing a solid foundation for collaboration between the teams.”
Sangaletti mentioned that IT/OT convergence remains an essential focus for organizations aiming to advance their security programs. “However, significant disparities still exist between the operational methodologies of OT and IT. To bridge this gap, it is imperative to establish a dedicated OT organization that not only aligns seamlessly with IT processes but also delineates the distinct differences inherent in OT practices.”
He added that this alignment can foster better communication, enhance security protocols, and ultimately lead to a more integrated and resilient operational framework.
“The cultural shift starts with mutual understanding. Early maturity means simply getting IT and OT in the same room—sharing priorities, risks, and language,” Anton highlighted. “From there, organizations mature by fostering collaboration through elaborating existing tools on both worlds that could improve security: understanding that tools could be managed by other teams that are not the traditional ones.”
He added that over time, this collaboration evolves into shared governance models and, ultimately, unified teams with joint accountability. The most successful organizations view convergence not just as a technical alignment but as a cultural transformation rooted in shared goals around resilience, safety, and performance.
Renold identified that most of the time, the cost benefit drives the IT/OT convergence, however, it is also interesting to note that mature IT security tools are also helping in shaping a secure OT interface with IT infrastructure for advanced services and analytics.
Using Standards to Strengthen Regulatory Culture and OT Security Maturity
Frameworks like ISO/IEC 27001 and standards such as ISA/IEC 62443 are widely referenced. The executives reflected on what distinguishes organizations that treat them as simple checklists from those that leverage them to drive long-term cybersecurity culture and resilience.
“Companies should implement an OT Governance, Risk, and Compliance strategy. Security architecture, engineering, and operations are built upon this foundation,” Mashirova said. “In a unified OT GRC approach, a continuous compliance program should integrate with cyber-physical risk management. ISO 27001, primarily applicable to IT, can be used for both OT and IT when alignment with one standard is needed.”
She added that ISA 62443 is widely recognized as a best practice standard. “Integrating the efforts of known frameworks, compliance (particularly in regulated industries), and cyber-physical risk management into a single platform will enable asset owners to adopt a risk-based approach, comply with regulatory requirements, and follow best practice frameworks.”
Hoffman flags that awareness, understanding, and proper implementation are essential when applying OT security frameworks and standards. “A common phrase I hear is ‘product ‘x’ needs to be compliant with ISA/IEC 62443.’ This statement reflects a lack of understanding or engagement with the standard’s full scope.”
He added that to use a framework effectively, individuals must first read and understand it, identify applicable sections, incorporate them into organizational policies, and implement those policies. Governance documents should also be regularly reviewed, understood by those they impact, and integrated into daily ICS/OT cybersecurity operations.
“In practice, frameworks and standards are frequently utilized merely to achieve a checkbox status, allowing companies to present compliance during audits or adhere to specific regulations,” Sangaletti said. “However, regulations such as NIS2 should be viewed as a unique opportunity for organizations to cultivate a lasting culture of awareness and responsibility among their employees. To truly embed this culture into the fabric of the organization, it is essential that every level of the company, starting with the executives, embraces and actively participates in the process.”
By doing so, Sangaletti added that it can establish a resilient environment where security and compliance are prioritized not just as requirements, but as core values integrated into daily operations. This holistic approach ensures that all employees, regardless of their position, understand their role in fostering a compliant and secure workplace.
“The real difference comes from ownership and contextualization. When organizations map ISO/IEC 27001 or ISA/IEC 62443 to their actual processes and threats—instead of treating them as checklists—they become meaningful tools,” Anton said. “Embedding KPIs tied to these standards in operational metrics helps reinforce behaviors. Continuous training, internal audits, and involving frontline operators in assessments also build a culture of accountability. Ultimately, it’s about turning compliance from a one-time exercise into a daily practice that supports long-term resilience.”
“Using these standards helps to have an expert opinion, however, these must be tuned and customized as per the organization’s setup and actual plant conditions, and also, these must not be hard and fast rules, as the environment and the dynamics are changing so rapidly, and so are threats,” Renold concluded. “These standards must be used as guidelines.”
