Cyber security | 16 December 2025
OT Cyber Security Risks: The Human Factor
Published by Claudine Beaver
Human behaviour remains the biggest cyber security risk in operational technology environments, even as IT and OT systems converge. Addressing this risk is critical to protecting industrial operations and critical infrastructure.
OT cyber security risks have increased as Operational Technology (OT) environments have rapidly converged with IT networks. Whilst this has increased efficiency and reduced downtime, it has also exposed critical infrastructure to a new spectrum of cyber threats which could lead to disastrous consequences.
While malware, ransomware and zero-day exploits often dominate headlines, the most persistent source of OT cyber risk is far more familiar: the human element. For instance, around 95% of data breaches occur due to human error. The overall global cost of cybercrime is projected to exceed $20 trillion by 2026. Human Risk Management has never been so critical.
Understanding these human-driven weaknesses is key to strengthening OT security. In this blog we will explore why these vulnerabilities occur and what organisations can do to manage this risk.
Why are Humans a Key OT Cyber Security Risk?
1. Lack of Cyber Awareness amongst OT Personnel
Historically, OT teams prioritised availability and safety over cyber security. Because industrial systems were once air-gapped, many technicians were never trained to recognise cyber risks such as:
- Clicking phishing emails or plugging infected USB devices into HMIs or engineering workstations.
- Weak or shared passwords on PLCs, RTUs and ICS interfaces.
- Misunderstanding basic cyber hygiene principles, such as patching and network segmentation.
- Assuming legacy systems are ‘too old to hack.’
As attackers increasingly target OT environments, this lack of awareness becomes a major vulnerability.
2. Skill Gaps between IT and OT Teams
Modern industrial networks blur the line between IT and OT, yet many organisations still operate in silos. OT engineers may be experts in control loops, turbines and SCADA, but less comfortable with cyber security. Meanwhile, IT teams often lack knowledge of process safety, real-time constraints, and system uptime needs. These mismatches can lead to:
- Misconfigured firewalls between IT and OT environments.
- Patch schedules that disrupt industrial processes.
- Unsecured remote access tools set up for convenience.
- Over-reliance on outdated protocols that were not originally designed with security in mind.
Without cross-disciplinary training, both teams may unintentionally introduce exploitable entry points.
3. Poor Security Culture and Routine Workarounds
In industrial settings, convenience often wins over cyber security. Operators under production pressures may bypass protocols to keep systems running. Such risky behaviours include:
- Disabling alarms or security features that ‘get in the way.’
- Sharing credentials across shifts.
- Using personal laptops or removable media on OT networks.
- Ignoring patch updates for fear of downtime.
These shortcuts may seem harmless in the moment, but they create long-term systemic vulnerabilities.
4. Insider Threats – Malicious and Accidental
Insiders present the highest risks as they already have access to and knowledge of the system. Threats include:
- Unintentional insiders such as employees who unknowingly cause incidents through mistakes or negligence.
- Disgruntled employees who purposely sabotage systems or leak credentials.
- Contractors and third parties who have temporary access but poor security oversight.
Because OT systems often rely on vendor support, third-party access is particularly difficult to manage and monitor.
What Can Organisations Do?
Technology alone cannot secure operational technology. Effective cyber resilience requires organisations to invest in the people and processes behind the systems. These are some key recommendations:
- Implement continuous OT-specific cyber security training.
- Encourage collaboration between IT and OT teams, including tabletop exercises.
- Enforce strict access control and password management.
- Reduce reliance on removable media and insecure remote access.
- Establish clear cyber security policies and ownership using a defence-in-depth strategy.
- Foster a culture where security is seen as a safety issue, not an obstacle. This responsibility should be shared across all levels of the workforce, with leadership leading by example.
Conclusion
In today’s interconnected industrial landscape, the human factor is both the greatest vulnerability and the greatest opportunity in OT cyber security. While attackers exploit human mistakes, organisations can dramatically reduce risk by building a strong cyber security culture, bridging skill gaps, and empowering employees with knowledge and clear processes.
Strengthening human behaviour isn’t just good security practice - it’s essential for protecting critical infrastructure.
The team at Asset Guardian has over 20 years’ experience across companies operating in critical industries, helping to protect and secure against ‘The Human Effect.’
Contact us to discuss how we can help you achieve your operational and cyber security objectives.