Vinay Biradar is an Associate Director at Frost & Sullivan with over 11 years of experience advising clients globally on their cyber security, digital transformation and go to market needs. He believes that OT security is no longer an afterthought but a focal point of a company’s digital transformation thanks to Industry 4.0 and increasing digitisation. Organisations are now aware that state-sponsored actors and cyber criminals are capable of exploiting security gaps in key infrastructure to cause serious harm and supply chain issues. According to Frost & Sullivan, major corporations throughout the world want to increase their spending on OT security, and here, Vinay Biradar looks at the growing market for OT security, and how companies might move forward with its implementation.

The growing need for OT security

OT systems become significantly more vulnerable to cyber threats as they integrate with IT infrastructure. According to market data, 90% of firms experienced at least one OT system intrusion incident in the previous calendar year. These worries are worsened by the expansion of zero-day threat vectors in this field and the inadequate security features built into Internet of Things (IoT) and OT equipment. Security is compromised by problems such as system-level attacks, lax device management, and inefficient authentication. Risks are exacerbated by poor patch management and program updates. Non-compliance by IoT manufacturers, inadequate network segmentation between IT and OT, public OT network access, and weak identity management further increase vulnerability. Weak encryption, insecure data transfer, misconfigurations, firmware glitches, and a lack of secure update mechanisms add to the security woes of these systems leading to a variety of different attacks:

• Unauthorised access to SCADA (Supervisory Control and Data Acquisition) systems – where attackers infiltrate them to manipulate machinery, potentially causing safety risks or equipment damage.

• Device hijacking – where attackers gain control of OT devices, enabling eavesdropping, data theft, and operational disruption.

• Data manipulation – where cyber criminals target SCADA or Industrial Control Systems (ICS) devices to tamper with or delete stored data, leading to misinformation and compromised decision-making.

• Man-in-the-middle attacks – where attackers intercept and modify communication between devices, altering device instructions and causing malfunctions.

• Permanent denial-of-service – where attackers destroy firmware, rendering devices or systems inoperable and requiring extensive recovery efforts.

• Fraudulent identity and control panel access – where attackers use fake identities to access control panels, compromising system settings and operational integrity.

Addressing these challenges demands a multi-pronged approach involving collaboration among manufacturers, regulatory bodies, and end-users to build industry standards. Consistent adherence to security, establishment of guidelines, conformance enforcement, and widespread adoption of best practices are essential throughout the lifecycle of OT devices.

Growth areas in OT security

Infrastructure security and smart buildings are quickly becoming important growth areas for OT security for businesses. Building Management Systems (BMS) security is seeing a noticeable increase in spending and budgetary allocation from organisations, in our market studies. Building Management Systems Security is no longer the sole responsibility of the facility and operations teams; instead, CISOs are taking a more active role in harmonising the security stack as a whole and in developing Standard Operating Procedures. SOPs. While the traditional BMS Providers have started to invest in expanding their portfolio into smart buildings cyber security services, IT security vendors have started to perceive smart buildings cyber security as a new growth area and a vital component of their OT security offerings.

How should organisations prepare themselves?

According Biradar, the growth of the OT security market provides opportunities for both security vendors as well as end customers alike. As an end client, you can choose from the best-of-the-breed solutions and approaches as providers significantly increase their R&D in this area. There remain grey areas in comprehensively understanding the market opportunities and the key areas of investment. Biradar recommends that by embracing comprehensive market landscape analysis – which can feed into the organisation’s business as well as the technology roadmap, fostering industry collaboration, and prioritising security throughout the lifecycle of OT devices – organisations can stay prepared for the future.