The connectivity that made the plant smart is the same connectivity that made it reachable. Efficiency and exposure came through one door, and most boards only budgeted for the efficiency.
For most of industrial history, the equipment running a production line lived in a world of its own. The controllers, sensors, and programmable logic on the floor were never meant to touch a corporate network, let alone the internet. They were built for one virtue above all others: they had to keep running, predictably, for twenty or thirty years. Security was not a design goal because there was no attacker who could reach them.
Then we connected everything. The case for IT/OT convergence was genuinely compelling — real-time visibility into output, predictive maintenance, remote monitoring, a single pane of glass over the whole operation. The efficiency gains were real and the competitive pressure to capture them was relentless. What came along for the ride was less discussed. The moment those operational systems joined the network, they inherited every threat that has ever targeted IT, and they inherited it while running gear that has no concept of defense.
The bill is now arriving. Ransomware against industrial organizations rose roughly 64 percent in 2025, and manufacturing was the most-attacked sector for a fifth consecutive year. The World Economic Forum's Cybersecurity Outlook 2026 found that just 42 percent of organizations include IT/OT convergence in their risk strategy, which means a clear majority of the firms doing the converging have not folded the resulting exposure into how they think about risk at all.
An IT breach loses data. An OT breach stops production.
The instinct in many boardrooms is to treat OT security as IT security with a different label. That instinct is expensive. The two environments operate on opposed assumptions, and controls designed for one quietly fail in the other.
Consider patching, the bedrock of IT hygiene. On the corporate side you push updates on a schedule and reboot overnight. On the plant floor, a controller running a chemical process or a packaging line cannot simply be rebooted; the patch may not exist for a fifteen-year-old system, and applying it might require a planned outage that costs more than the risk it mitigates. Legacy industrial control systems are hard to patch, poorly segmented, and difficult to monitor, because they were never designed to be any of those things. They were designed to never stop.
In IT, a breach means data leaves the building. In OT, a breach means the building stops. One is a disclosure problem. The other shuts the line, and the line does not care about your incident-response playbook.
That difference in consequence is what attackers have learned to monetize. Ransomware-as-a-service has expanded into operational environments, packaging theft, extortion, and physical disruption into a single playbook. When you can halt a production line, you do not need to negotiate over encrypted spreadsheets. The leverage is the idle factory, the spoiling product, the missed shipment. The pressure to pay is measured in revenue per hour of downtime, and it climbs every minute the line sits dark.
Beyond utilities, into the choke points
The targeting has also broadened in a way that should concern anyone responsible for physical operations. The old mental model placed critical-infrastructure attacks in power grids and financial systems. Attackers have moved well past that, into manufacturing, healthcare, water, food, and logistics — the supply-chain choke points where a single disruption ripples outward through everyone downstream. A compromised regional distributor or a halted food-processing plant does not stay contained to one balance sheet.
Layered on top is a geopolitical dimension. State-aligned campaigns are increasingly converging with OT intrusions, which changes the risk calculus entirely. When an adversary's goal is disruption rather than profit, there is no ransom to pay and no negotiation to have. The intrusion is the objective. For operations leaders, that means some of the threat to your floor is not a criminal you can buy off but a strategic actor you can only keep out.
Visual 1 — Why IT security assumptions break on the plant floor
Assumption | IT environment | OT reality |
|---|---|---|
Patch cadence | Regular, often automated, low friction | Rare; patches may not exist; updates need planned outages |
Downtime tolerance | Reboots and maintenance windows are routine | Near zero; downtime directly halts revenue |
Equipment lifespan | 3 to 5 years before refresh | 15 to 30 years; built long before modern threats |
Impact of a breach | Data loss, disclosure, financial cost | Stopped production, physical risk, safety exposure |
How to read it: Each row shows a control that works on the left and fails on the right. The defenses your IT team relies on assume things — patchable systems, tolerable downtime, short refresh cycles — that simply do not hold on a factory floor.
What this means for leaders
Stop letting IT own a problem it cannot see. Your security team likely has limited visibility into the OT environment and limited authority to change it, because the plant has always answered to operations, not to the CISO. That governance gap is where the risk lives. Convergence on the network demands convergence in accountability, with security and operations leadership jointly responsible for the floor rather than pointing at each other across an org chart.
Segment first, because you cannot patch your way to safety. When the underlying equipment cannot be hardened, the practical defense is to contain it. Rigorous network segmentation that isolates OT from IT, and isolates critical control systems from the rest of OT, limits how far an intrusion can travel even when individual devices remain vulnerable. This is unglamorous, foundational work, and it is the single highest-leverage investment most operations can make.
Price downtime into your risk model honestly, then fund accordingly. The reason OT extortion works is that an idle line is ruinously expensive, and attackers know your number better than your board does. Calculate the true cost of an hour, a shift, a day of stopped production, and let that figure drive your security spend. Underfunding OT defense is a bet that the line will keep running, and that is precisely the bet attackers are taking against you.
The smart factory was sold as an upgrade, and in operational terms it was. But connectivity is not a feature you can take without its consequence. The same wire that streams live telemetry to your dashboard is the wire an attacker rides to reach your controllers. You cannot keep the visibility and refuse the exposure; they are the same door. The only real choice is whether you put a lock on it before someone else tries the handle.
A BusinessInfomatics original. Built from the WEF Cybersecurity Outlook 2026, SCWorld and IoT Analytics threat reporting, and PwC industrial-security research.



