The OT Cybersecurity Crisis: 68% of Manufacturers Can't Detect a Breach Within 24 Hours

A new report from Dragos, the industrial cybersecurity firm, paints a stark picture of operational technology security in manufacturing. Of 620 facilities surveyed across North America and Europe, 68% said they could not detect a network intrusion in their OT environment within 24 hours. Nearly a quarter said they had no OT-specific monitoring at all.

The problem isn't awareness — it's architecture. Most industrial networks were designed for reliability, not security. Protocols like Modbus and OPC UA were built to be open and interoperable, which also makes them trivially easy to exploit. And the average manufacturing plant runs equipment with firmware that hasn't been updated in 7+ years.

"You can't patch a PLC that's running a furnace," said Robert M. Lee, CEO of Dragos. "The business case for uptime always wins over the security case for patching. So you have to build detection and segmentation around the things you can't fix."

Spending is increasing but unevenly distributed. Gartner estimates that OT security budgets in manufacturing will grow 24% in 2026, but most of that investment is concentrated in large enterprises. Mid-market manufacturers — the backbone of most supply chains — remain exposed.

The regulatory landscape is shifting too. The EU's NIS2 directive, which took effect in October 2024, now classifies manufacturing as an essential sector subject to mandatory cybersecurity requirements. US equivalents are expected to follow through CISA's industrial control systems initiative.