SOC-as-a-service provider, e2e-assure, today unveiled new research revealing that a third of surveyed organisations are relying on IT cybersecurity processes and standards, despite operational technology (OT) requiring a specialist approach, resulting in a preparedness gap that leaves them at increased risk of a cyber attack.
The findings show that 32 per cent of surveyed IT Decision Makers admit they are currently relying on detection platforms originally built for IT and “adapted” for OT. This puts organisations at risk, as many are still trying to secure industrial environments with tools that were not designed to understand them.
This is concerning given that 63 per cent of IT decision makers also reported that cyber incidents in the past 12 months resulted in direct operational downtime or impacted critical OT/ICS systems.
The research points to structural weaknesses in how incidents are managed across converged environments, as 28 per cent of surveyed respondents still rely on manual or ad hoc coordination between their IT and OT security teams. While 37 per cent of organisations have a shared platform for both IT and OT environments, full technical integration needs to become a priority.
Richard Groome, OT Cybersecurity Specialist at e2e-assure, commented: “Most adapted IT platforms struggle in OT because they’re still thinking like IT tools. They can identify anomalies, but they often have no understanding of the business impact they have. OT downtime isn’t just a network problem; it’s a process problem, and if you can’t interpret what an alert means for a running plant or production line, you’re not preventing downtime, you’re just creating noise.”
While extending IT platforms into OT is an obvious route to take, it creates a critical preparedness gap where organisations may have large volumes of data but lack the visibility needed to understand what it means in an operational context.
Without clear insight, teams are unable to interpret alerts or assess their impact on live environments, limiting their ability to act decisively. This is compounded by the fact that only 15 per cent have deployed passive visibility tools specifically designed for industrial control systems, leaving many organisations without the real-time visibility required to translate data into actionable intelligence and reduce operational risk.
The challenge is becoming more acute as connectivity expands, as 70 per cent of organisations have now fully or largely integrated cloud-connected environments into their IT/OT security strategies. However, without improvements in visibility and coordinated response, increased connectivity risks widening the gap between exposure and resilience.
At the same time, many organisations are unable to measure the effectiveness of their risk reduction measures, as 28 per cent of businesses still rely on manual or ad hoc coordination between IT and OT teams, and only 37 per cent operate a shared platform to deliver alignment and visibility across teams.
“The volume of data being ingested is often not understood or actionable, meaning incidents may still be missed. More connected does not automatically mean more secure, particularly where exposure increases faster than coordinated response capability”, added Groome.
Encouragingly, organisations are beginning to recognise that the challenge is not simply a lack of technology, but how effectively it is used. Sixty-three per cent of leaders are increasing budgets for workforce training and role clarity, the highest prioritised budget area.
The research also highlights shifting priorities across OT security programmes, with supply chain risk emerging as a key area of investment following recent breaches. Investment now is critical, given that previously shared findings showed the financial consequences of these preparedness gaps are rising, with almost a quarter (23 per cent) of the most severe OT downtime incidents costing over £1 million, and 6 per cent of incidents exceeding the £5 million mark.
Without purpose-built visibility and a distinctive IT and OT security strategy, organisations will continue to struggle to translate data into action, leaving a preparedness gap that threatens operational disruption.
About e2e-assure
e2e-assure has provided expert SOCaaS solutions powered by our SaaS SOC platform, CUMULO, to government and CNI organisations for over a decade. Our 24/7/365 UK-based Security Operations Centre, staffed exclusively by NPPV3 and security cleared cyber professionals, is dedicated to rapid, expert response for nation critical organisations.
Unlike providers locked into specific technologies, our fully owned SaaS SOC platform, CUMULO, integrates with your existing security stack to optimise the value of your existing investments. With UK data sovereignty guaranteed and an unwavering focus on SOC excellence, we help you build resilience, reduce risk, and stay ahead of threat actors with confidence.
Methodology
The research was conducted by Censuswide, among a sample of 250 Cybersecurity DMs in businesses with 250-10,000 employees across the following industries: Food manufacturing, Discrete manufacturing, Critical National Infrastructure, Automotive manufacturing, Aerospace, Energy & Renewables, Utilities, Transport and Logistics, Retail (e-commerce, supermarkets, department stores, electronics, health & beauty etc.), Pharmaceutical manufacturing, Medical manufacturing, Electronic manufacturing, Chemical manufacturing, Metal manufacturing, Telecoms, Central government, Local government, Defence, and Life Sciences. The data was collected between 05.01.2026 – 09.01.2026. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.






