How energy and manufacturing can stay ahead of cyber threats and protect their tech

Cybersecurity has become a critical capability for the energy and manufacturing sectors, especially as rising cyber threats coincide with a surge in energy demand driven by artificial intelligence (AI).

These industries are racing to secure their operational technology (OT) environments – the hardware and software systems that control physical equipment and industrial processes – which are often outdated, resource-constrained and increasingly targeted by sophisticated attackers.

To meet these challenges, many businesses are turning to technology and outsourcing to help bolster OT security with limited resources.

However, cybersecurity requires constant change amid a constant tug-of-war: attackers innovate and defenders respond with new controls, patches (vulnerability or bug fixes) and technologies to gain or maintain the upper hand.

The rapid evolution of technologies such as AI adds another layer of complexity by providing both sides of the cyber battle with new tools while requiring new investments in digital infrastructure, including the energy systems that power data centres.

In this dynamic landscape, understanding how peers across the energy and manufacturing sectors are approaching OT security in practice can help leaders make more informed, risk-aware decisions about where to invest next.

A new report from Siemens Energy and the Ponemon Institute surveys the focus of these industries on OT. For oil and gas, water and electrical utilities, petrochemicals, and manufacturing, cyber threats are frequent, vulnerabilities are common and cyber expertise is scarce.

The self-assessment of OT cybersecurity practitioners reveals that these drivers are driving investment toward technology-based solutions and OT security outsourcing.

OT cyber defences are vulnerable and businesses know it. The survey revealed:

The apparent vulnerability matters because it puts at risk the economic advantages of ongoing digitization in energy and manufacturing.

With digital systems integrated into OT workflows, companies that fail to secure their OT environments risk disruption.

The confidential survey implies that the scale of cyber threats significantly exceeds official data.

Cyber incidents reported to regulators comprise only the set of incidents that are both detected and reported to the government, either voluntarily or as a requirement.

Two big categories are missing in the numbers: attacks that successfully evade detection and attacks so unsuccessful they are blocked or fail before meeting thresholds that would merit or require reporting to officials.

When asked, businesses estimated that 41% of all attacks in the OT environment go undetected. Out of the detected attacks, just 16% required reports to regulators.

Together, these data points and a little algebra imply that the actual number of cyberattacks is about 10 times higher than what is being reported to regulators.

Maturing cybersecurity would ideally shift these numbers – more attacks would be detected and prevented before meeting thresholds requiring reports to regulators or the public.

Companies are turning to technology innovation as the answer to rising global threats. The ongoing tension between OT scarcity and cybersecurity expertise, combined with the continuous effort required to deploy and maintain mature OT security, drives this investment.

OT cybersecurity requires continuous effort. Cyber threats continue to evolve, assets in need of protection change over time and regulatory requirements have tightened in many markets.

Relatively small teams require solutions that enable the deployment and maintenance of OT security capabilities capable of detecting and deterring persistent threats backed by nation-states.

These drivers produce a clear industry consensus about the top priorities for investment. When asked to select the most important technologies for OT cybersecurity, more than a third of all responses converged on the same four innovations:

Each of these is a technology solution that automates, streamlines or outsources recurring tasks that require cybersecurity and OT expertise.

The survey shows that, in relation to OT security solutions, 45% of companies are already outsourcing, while another 26 percent are considering it as an option. Further, 52% of companies plan to invest in one or more technologies within 12 months, while 27% are already using relevant technologies.

Overall, the survey reveals an industry that is vulnerable to cyber threats yet is striving to mature its cybersecurity.

As power-hungry AI drives fresh investment in new infrastructure, technology solutions and managed services offer a promising path to deploy and sustain effective defences in ever-changing OT environments.