Why OT security is now a priority for manufacturers


Microsoft’s Indranil Sircar discusses why operational technology security has become critical for modern manufacturing and how greater visibility, zero trust principles and phased modernisation can protect operations while enabling AI-driven innovation

By Richard Humphreys


For today’s connected factories, operational technology (OT) security has become a business priority.

OT encompasses the industrial control systems, legacy devices and machinery that power factories, many of which were designed for a pre-cloud era. As these systems become increasingly connected, they are more exposed to cyber risk, which can directly impact production continuity, worker safety and regulatory compliance. With that, OT security shifts from a technical concern to a board-level issue.

For industrial organisations, these pressures are compounded by the convergence of IT and OT systems. Historically isolated factory networks are now connected to cloud platforms, remote maintenance services and digital supply chains. While this connectivity enables new efficiencies and innovation, it also expands the potential attack surface.

“The shift happens when cyber risk stops being abstract and becomes operational,” explains Indranil Sircar, chief technology officer of Microsoft’s manufacturing and mobility industry. “When a cyber incident can halt production, affect worker safety, trigger regulatory scrutiny or disrupt supply commitments, it stops being a technical discussion. At that point, it’s about whether the business can operate safely and reliably. Boards tend to engage more decisively when cyber risk is directly tied to uptime, safety and reputation rather than data loss alone.”

The urgency is reflected in broader industry trends. A forecast by Cybersecurity Ventures, a leading researcher of the global cyber economy whose figures are often cited in the industry to convey the scale of cybercrime’s impact, suggests that cybercrime is the world’s third-largest and fastest-growing economy, with costs spiralling from $3 trillion in 2015 to $10.5 trillion in 2025. At the same time, manufacturers face a shortage of cybersecurity personnel, a growing wave of sophisticated attacks and the rapid emergence of weaponised generative AI tools that allow threat actors to operate at machine speed. Identity-based attacks are also rising sharply, with many breaches occurring when attackers log in using compromised credentials rather than breaking through traditional defences.

Manufacturers often describe legacy OT environments as fragile or untouchable, fearing that any change could disrupt production. Sircar believes this perception can lead organisations to underestimate the risks of inaction. “Legacy environments were designed for a very different era – limited connectivity, predictable access and long equipment lifecycles,” he says. “What’s changed is how those systems are now accessed and integrated. Remote support, third-party maintenance and IT/OT convergence have expanded the attack surface, often without corresponding visibility or controls. In many environments today, the bigger risk is operating blind. Incremental, well-sequenced modernisation reduces operational risk compared to leaving environments unchanged and implicitly trusted.”

Recent research supports this view, with 70 per cent of OT incidents linked to unmanaged remote access or outdated IT/OT integration rather than the intrinsic fragility of industrial equipment itself, according to a report by the Industrial Control Systems Cyber Emergency Response Team.

Many manufacturers are turning to capabilities within the Microsoft Cloud for Manufacturing portfolio – including Azure, Defender and Sentinel – to strengthen security across both legacy and modern systems while laying the groundwork for an AI-enabled future.

As organisations rethink their security setup, many are exploring how established cybersecurity principles can be adapted to industrial environments. One of the most important is zero trust, a model that assumes no user, device or system should be trusted by default.

While zero trust is widely understood in IT environments, it can sometimes feel abstract or disruptive in manufacturing settings. According to Sircar, these are misconceptions.

“The biggest misunderstanding is that zero trust means ripping and replacing systems or deploying intrusive controls that disrupt operations,” says Sircar. “In OT, zero trust just isn’t a checklist or a product rollout – it’s an architectural mindset. It’s about understanding who and what is accessing systems, under what conditions and with what level of privilege, while respecting uptime, safety and legacy constraints.”

When applied carefully, this approach focuses on continuously verifying users, devices and processes before granting access, while enforcing least-privilege permissions and segmenting networks to minimise risk. Phased zero-trust implementation in industrial facilities can reduce breach probability by up to 45 per cent, according to a recent report from Gartner on OT security.

Crucially, most successful OT security programmes begin with visibility. Many manufacturers still lack a complete inventory of the assets operating across their plants. Establishing this visibility allows organisations to map communication flows, identify vulnerabilities and build a shared understanding of risk across IT, OT and security teams.

“Enforcing controls without first understanding assets, access paths and normal behaviour often creates friction and erodes confidence with operations teams,” says Sircar. “Visibility creates a shared, factual baseline across IT, OT and security. That approach is both safer and faster than attempting large-scale, one-time transformations.”

Industry research supports this phased approach. Deloitte’s 2023 Manufacturing Cybersecurity Report found that manufacturers implementing OT security in stages achieve 33 per cent faster incident response times compared to organisations attempting full-scale transformations.

Manufacturers are beginning with foundational capabilities such as asset discovery, network monitoring and identity-based access controls before moving towards more advanced protections like automated threat detection and unified security operations.

Another growing priority is the creation of converged IT and OT security operations centres. By integrating data from factory networks with enterprise security platforms, organisations can detect threats earlier and respond more effectively. Microsoft Defender XDR, Sentinel, Entra, and Security Copilot and its agents enable security teams to correlate signals across environments, automate investigations and accelerate incident response.

Regulatory pressure is also intensifying, with governments around the world introducing new frameworks aimed at protecting critical infrastructure and industrial systems. However, Sircar cautions that compliance alone should not be the goal: “Compliance is important, but it’s not the same as resilience,” he says. “Regulations provide a useful baseline and a common language, but manufacturing environments are ultimately judged on safety, uptime and continuity of operations. A system can be compliant and still fragile. The most effective organisations treat compliance as a starting point and design security architectures around real operational outcomes – keeping people safe and the business running.”

Third-party and vendor access remains one of OT’s hardest security challenges. “Industrial environments depend heavily on external vendors, integrators and remote support,” says Sircar. “Historically, that access has been managed through shared credentials or overly permissive access models. The challenge isn’t networking alone – it’s identity, intent and governance. Shifting towards identity‑aware, least‑privilege access can significantly reduce risk without materially slowing operations. This is where deep industrial expertise and a strong partner ecosystem make a real difference.”

Looking ahead, Sircar believes the role of OT security will continue to expand as manufacturers adopt more advanced digital technologies, including AI.

“Advanced technologies depend on trusted data, reliable connectivity and secure integration across systems,” he says. “Without that foundation, AI initiatives either stall or introduce new risks. Strong OT security isn’t a blocker to innovation – it’s an enabler. Organisations that invest early in visibility, identity-aware access and unified IT/OT security operations are far better positioned to adopt AI and automation safely and at scale.”

Industry research supports this view. Manufacturers with secure OT frameworks achieve 25 to 30 per cent higher success rates when deploying AI and autonomous operations, according to the McKinsey & Company report The Future of AI and Automation in Manufacturing.

OT security is not just about defence. It can be a strategic capability that underpins operational resilience, regulatory readiness and the next generation of intelligent manufacturing.

Partner perspectives

We asked selected Microsoft partners how they are leveraging Microsoft Cloud for Manufacturing technologies to secure legacy operational technology (OT) and ensure reliable, AI-ready industrial operations.

Cumulocity

Dr Juergen Kraemer, chief product officer at Cumulocity, says: “We asked selected Microsoft partners how they are leveraging Microsoft Cloud for Manufacturing technologies to secure legacy operational technology (OT) and ensure reliable, AI-ready industrial operations.”

GlobalSign

Martin Lowry, product manager, IoT at GlobalSign, says: “Strong device identity is critical for securing legacy OT and preparing for AI-driven operations. By integrating the GlobalSign IoT Device Identity Platform with Microsoft Azure IoT Hub, we provide a secure, certificate-based onboarding pipeline. Our public key infrastructure-driven device identity services issue and manage digital documents that represent a user, computer, service or device, known as X.509 certificates. This enables automated, scalable authentication, reducing risk and ensuring legacy assets can securely support reliable, AI-ready industrial operations.”

Discover more insights in the Spring 2026 issue of Technology Record.


©2026 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.