Evolving Cyber Risks in Industrial Operations: Strategies for Resilience

With increasing convergence of IT and OT systems, industries face complex vulnerabilities that require a comprehensive, defense-in-depth approach. The piece underscores the need for regulatory compliance, workforce training and executive-level prioritization to build resilience.
June 2, 2026
5 min read
Add Us On Google

Key Highlights

  • Cybersecurity is a critical operational risk that demands immediate attention and a dedicated budget, one that goes beyond traditional IT concerns.
  • The convergence of IT and OT systems increases vulnerabilities, making industrial environments more susceptible to sophisticated cyber threats like ransomware.
  • Effective cyber risk management requires leadership commitment, clear communication of ROI and integration into organizational culture and practices.
  • Building resilience involves proactive, operational prudence, continuous training and regulatory compliance, such as USCG’s Cyber Rule for maritime security.
  • An integrated, defense-in-depth cybersecurity strategy is essential to protect assets, ensure operational continuity and maintain trust across the supply chain.
ID 409096486 © Maryna Kushnarova | Dreamstime.com
Advanced cybersecurity safeguards industrial control systems.

The days of relegating cybersecurity to an IT problem are behind us. Cybersecurity practitioners agree that the risk is a pressing operational problem that demands immediate attention and budget. 

Here’s what industrial leaders need to know with insights from ABS Consulting, a safety, risk and compliance management firm with frontline expertise managing some of the nation’s most critical cyber programs.

How should business leaders think about today’s evolving cyber risk?

Across multiple industry sectors, “cyber risk is a critical business risk,” says Michael DeVolld, senior director of maritime cybersecurity for ABS Consulting. DeVolld is a retired U.S. Coast Guard (USCG) Officer who has conducted numerous safety and compliance inspections, investigated high-profile marine casualties and established a cybersecurity program at USCG Cyber Command. “An incident will impact everyone,” he stresses.

Marco Ayala, technical director at ABS Consulting and energy market lead for the ABS Cyber Center of Excellence, echoes this outlook for the energy sector. “The digital ‘threatscape’ is evolving while operators face volatile energy prices, margin compression and supply chain disruptions, among other interconnected risks.

According to Dragos’ 2026 OT Cybersecurity Year in Review, ransomware attacks targeting the industrial sector surged 49% year-over-year in 2025, impacting 3,300 organizations globally. “Industrial organizations significantly underestimate the reach of ransomware into OT environments because they think it’s ‘just IT,’” Dragos CEO Robert Lee said in the report.

When it comes to protecting operations, the question is never whether a cyber incident would affect a company’s bottom line. It’s how much and for how long. Cybersecurity advisors note that companies can enhance corporate value through improved performance by understanding their unique operational risks and managing these proactively. 

What makes operational technology (OT) environments particularly vulnerable right now?

The convergence of IT and OT systems has changed the risk profile for industrial operators. “With more IT and OT systems converging across industrial operations, the entire energy value chain is at risk,” Ayala explains. “Systems have become even more complex, and complexity breeds vulnerabilities from both the technical and human sides.”

Over the past four decades of digitizing equipment, traditional industries have brought in emerging technologies that weren’t always fully vetted. 

Blake Benson, vice president and cybersecurity practice lead at ABS Consulting and the ABS Cyber Center of Excellence, points to a related, compounding challenge: “Industry stakeholders responsible for operating facilities and processes in critical infrastructure environments, such as energy and transportation, are increasingly grappling with the challenges of technology debt. Technology debt refers to the accumulation of systems, software and hardware that hinder operational efficiency, security and scalability.” 

In other words, older systems sitting alongside newer ones create blind spots that cyber attackers can exploit.

When an industrial operation is compromised by a cyberattack, how far does the damage extend?

Well beyond the control room, according to OT cyber practitioners. “Cybersecurity failures extend throughout the supply chain,” Ayala says. “A successful cyberattack can disrupt global trade flows, delay cargo deliveries and damage relationships with customers and partners.” In industries where reputation and reliability define competitive standing, the commercial fallout can outlast the operational disruption.

The financial exposure is just as real. “Investing in cyber risk management is the crucial move organizations can make today to stave off costly downtime from a ransomware attack or, worse, a spoofing or jamming event that not only derails the mission but also could lead to major economic and environmental consequences,” DeVolld adds.

CISOs understand the threat. But how do you get leadership across the organization aligned?

“Communicating cybersecurity, and more specifically the different approaches to managing cyber risk, to a board is not an easy task for CISOs,” Benson acknowledges. His advice: speak to return on investment. Connecting cyber risk management to operational continuity, corporate value and regulatory standing gives executives the language they need to act.

“Cyber risk management needs to be a board-level priority, with executives taking an active role in advancing resilience initiatives, not delegating it down and out of sight,” he says.

Ayala frames the operational mindset required as “operational prudence” or being proactive, situationally aware and predicting what comes next as opposed to giving in to reactive firefighting on the plant floor. That posture has to be cultivated across leadership, not just within security teams.

What does “building resilience” look like in practice?

Resilience requires more than a roadmap, say the cyber practitioners. “Between expanding attack surfaces and increasingly sophisticated threats, the stakes have never been higher,” observes DeVolld, who works directly with ports, vessel operators and terminal facilities on cyber risk compliance. “It is essential to not only understand cyber risk but also translate knowledge into decisive action that protects lives, operations and assets.”

For DeVolld, regulatory moves like the USCG’s Cyber Rule for Maritime Transportation Security Act (MTSA)-regulated vessels and facilities are a starting point. Mandatory training, he says, will transform organizational culture and will require leadership commitment at all levels.

Benson agrees that the internal work is ongoing. “There’s more work and training to be done to fully integrate cybersecurity into organizational practices that reinforce operational readiness,” he says, adding that cyber risk management must be a board-level priority with executives taking an active role.

True resilience, Ayala concludes, has to be built end-to-end, from field sensors and OT networks all the way into enterprise environments. “With stakes this high, an integrated, defense-in-depth cybersecurity strategy is no longer optional — it’s mission-critical.”

 

Free Download: Cybersecurity Compliance Action Guide

What maritime and energy operators need to know about the U.S. Coast Guard’s cybersecurity requirements, including deadlines and next steps.

About the Author

Nancy Dunnahoe

Nancy Dunnahoe

Contributor

Nancy Dunnahoe is a Folio Eddie award-winning writer and contributing editor with 17 years of experience in business communications. Nancy has developed technical and commercial content across the energy, maritime, and industrial manufacturing sectors. She previously built and scaled the content marketing function for a Fortune 500 chemical distribution company into an award-winning platform. Prior to her corporate career, she was an upstream online news editor and associate managing editor for oil and gas publications. A creative leader with a business sensibility, Nancy holds a BA degree in English-Creative Writing from the University of Houston Honors College and an MA in Arts Leadership from the Kathrine G. McGovern College of the Arts at the University of Houston. She is also a Certified Texas Master Naturalist.

Trending

Resources

June 3, 2026
Oct. 16, 2025
Oct. 16, 2025

Quiz

mktg-icon Your Competitive Edge, Delivered

Stay ahead of the curve with weekly insights into emerging technologies, cybersecurity, and digital transformation. TechEDGE brings you expert perspectives, real-world applications, and the innovations driving tomorrow’s breakthroughs, so you’re always equipped to lead the next wave of change.

Sign Me Up
marketing-image