Cyber security is no longer an optional safeguard for industry, it is a cornerstone of operational success which has become immensely more complex in the wake of digital transformation.

By Lee Carter Industrial Cyber Security Product Manager, SolutionsPT

Rapid adoption of digital transformation and connectivity while operating legacy systems is creating a complex and often precarious security environment. As I shared at our 2025 Cyber SecureOT conference, industrial cyber security can no longer be treated as an optional add-on. It has become a core business enabler, critical to resilience, safety, and competitiveness.

Recent data from Statista shows that manufacturers experience the highest rate of cyber-attacks when compared to other industries, and that cyber threats are constantly growing in sophistication and frequency. As keynote speaker at Cyber SecureOT 2025, I took the opportunity to set the tone for the day with the controversial statement: ‘digital transformation is putting your business at risk’. This talk led to some valuable conversations with industry leaders on the latest trends in cyber resilience.

The risk of cyber threats should not be taken as a reason to slow the pace of digitalisation, far from it. Instead, when future proofing their operations, organisations should also make cyber security a priority for almost every job role. That’s because employees can influence cyber security at every stage of the digital transformation journey from strategy and planning to implementation and adaption.

With that in mind, there are three key trends that are currently changing how OT systems are protected.

Growing complexity 

Innovative business practices and technologies are exposing industrial enterprises to new threats and fundamentally changing how cyber security should be approached. Breaking down information silos, converging the worlds of OT and IT and connecting previously isolated systems is increasing productivity levels and future proofing operations. However, they extend the attack surface. These innovations are also exposing industrial enterprises to new threats and fundamentally changing how cyber security should be approached.

In a statement issued alongside its latest annual review, the National Cyber Security Centre (NCSC) noted a rise in hostile activity in the country’s cyberspace: “ransomware attacks continue to pose the most immediate and disruptive threat to our critical national infrastructure” like energy, water, transportation, health, and telecoms.

The full NCSC Annual Review 2024 also notes that manufacturing is among the top sectors reporting ransomware activity in the last year, with a view to target industrial control systems. Kroll’s global State of Cyber Defence 2024 report backs this up by identifying manufacturing as one of the most targeted industries by ransomware – and despite being more advanced in threat detection than other sectors, 25% of manufacturers responded that they only employ basic security capabilities. It is understandable that a sector leading the way in modernisation is at the most risk, and to combat this the whole supply chain must assess risk, invest in training and keep processes up to date in order to increase resilience.

To build a culture of cyber security, industrial businesses can draw on guidance from a dedicated training partner. Upskilling teams will help them to understand how their roles fit together to strengthen incident response. It will also improve visibility of cyber security across operations to move industry a step closer to IT-level security in OT environments.

Industrial AI

During Cyber SecureOT Deon van Aardt, Marketing Manager at SolutionsPT, shared insight on industrial AI and how it is changing the game for almost every application. Industrial AI goes beyond deploying smart algorithms to create AI-supported digital twins, generative design co-pilots, and autonomous control systems. These rely on vast amounts of data and connectivity, making AI both a target and a tool when it comes to protecting OT environments.

Human-supervised AI can analyse patterns in network traffic or find anomalies that may indicate a cyberattack. But without the right training and continuous monitoring by dedicated teams, these same systems could be manipulated in an attack to disrupt operations. Businesses exploring industrial AI must seek auditable systems that algin with cyber security best practices like zero trust architectures and restricted access control.

Supply chain resilience

Cyber SecureOT 2025 was a showcase for the importance of protecting OT systems at the level of an individual business. However, with a connected supply chain, it becomes the responsibility of every industrial business to protect against cyber-threat. Failure to do so could have a major impact on end customers, as well as the UK’s growth and competitiveness.

While cyber resilience can seem daunting, it can be simplified through upgrading without migrating. Enhanced asset performance, energy efficiency, business agility, end-to-end connectivity, and most importantly cyber resilience can be unlocked together through supported modernisation.

The EU’s NIS 2 Directive and Cyber Resilience Act (CRA) has rightly raised the bar for security standards across the board. The CRA provides industry with a clear regulatory structure to drive consistency and set a high bar for security practices. However, it also demands a shift in how products are designed, developed, deployed, and maintained. This may pose a challenge for organisations with limited resources or who are just starting out. Working with an accredited training provider and dedicated partner will ensure OT teams are at the top of the cyber security game.

Data visibility sits at the heart of cyber resilience. Without it, businesses will be flying blind in their efforts to detect, mitigate, and recover from threats. Access to data in real time across multiple assets and locations is essential for teams to detect and address anomalies such as unauthorised access attempts. Furthermore, analysing historic data will provide insight into potential vulnerabilities, highlighting where cyber-attacks could happen and how to mitigate risks before they happen.

Despite all the best efforts to secure a system and protect the data crown jewels, we sometimes have to accept that an attacker may gain access. This may result from system complexity, oversight, human error or a simple misconfiguration.

In these circumstances, rapid recovery to a known good state is paramount. At NCSC’s CyberUK event in May, one key takeaway was to focus less on attack prevention and more on impact reduction. It’s a matter of when (not if) something untoward will happen, whether that’s a cyber incident, misconfiguration or simply device failure.

Skills for a shared responsibility

The world of industrial cyber security is advancing fast, creating a complex task for operators everywhere in the supply chain. Cyber security is everyone’s responsibility, whether you are a solutions provider, an end user, or play a role in the supply chain. There is not a single job role that won’t be affected by cyber security in one capacity or another. While addressing cyber security may seem like a daunting task, SolutionsPT is on hand to simplify the complex process and ensure protection is designed specifically for the OT environment. Learn more about cybersecurity skills for the OT environment today: FY25_On Demand Webinar Assessing Cyber Security Risks

Read other recent news: https://industrial-compliance.co.uk/category/news/