Bridging the operability gap
15th September 2026 • Online
In an increasingly hostile attack environment, CNI operators need a practical blueprint for 'good enough'
Tough times for the world's most targeted sector
According to a March 2026 Research Report into the state of UK CNI:
• 93% of CNI organisations experienced a cyber attack in the past 12 months
• Regulation is now the #1 motivator for maturing cyber security programmes
• AI-related cyber risk has entered the top five cyber challenges for the first time
• Cloud environments are now the most common attack entry point
• Legacy OT and outdated systems drive a significant proportion of successful breaches
And it's not simply attacks. The top impacts came in the form of IT outages (50%), operational disruption (34%), and revenue / data loss (31%).
The good news - and in a sense the bad news too - is that attack sophistication is not the issue. The top attack vectors are still phishing/BEC, DDoS, and straightforward malware infiltration, with Cloud a key attack vector.
The causes too are familiar: poor patching hygiene (34%), poor monitoring (35%), lack of skilled personnel (38%). And, of course, in a sector that builds infrastructure to last decades, "legacy" technology doesn't mean obsolete computers, it means physical plant that cannot simply be replaced like an out-of-date iPad.
The foundational failing is still visibility: only 29% have centralised asset visibility. And it's hard to defend what you cannot see.
The sector is also making the same mistakes with AI as with previous technology revolutions - adopt first, secure later. (Though it is not alone in this).
Finally, regulation has become the dominant force shaping cybersecurity investment in CNI, with 35% of organisations now citing it as the primary driver of cyber maturity - a sharp year-on-year increase. Adoption of key frameworks such as CAF and NIS2 is rising, but remains uneven, with only 46% reporting compliance with CAF and just 29% with NIS2. But only 35% of organisations believe regulation is delivering security in practice.
So what does all this imply for CISOs and their vendors?
It means that CNI doesn't need more tools or fancier tools unless those tools deliver real visibility, real resilience and the ability to deploy them at scale in the real world in which CNI operates.
It means that there is budget for regulatory and AI-driven initiatives but that these need to be more focused on delivering actual security and resilience and not just compliance or fancy dashboards.
And it means CNI operators need partners. They need help from their peers. And they need a trusted space to find them. That's why we are running the e-Crime & Cybersecurity Manufacturing Summit.
The e-Crime & Cybersecurity CNI Summit will take place online and will look at how cybersecurity teams are tackling these challenges. Join our real-life case studies and in-depth technical sessions and help make manufacturing secure.
The themes of this summit are:
Achieving visibility across ecosystems
From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that?
Transitioning OT to the Cloud?
OT traditionally was localized in particular sites and air-gapped from IT systems. But connectivity with broader corporate networks and the need to manage technology more centrally (especially during COVID) has seen companies looking at managed services in the Cloud for OT. Is this a way forward? Or does the Cloud just create more problems?
Defending against the latest ransomware variants
Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. What can CISOs do to better defend against ransomware?
OT and the regulations
DORA, NIS2 and other regulations put more responsibility for resilience on firms deemed important or critical. Many have focused on IT networks but the regulations include all resilience and so OT environments matter. What does this new emphasis mean practically for OT security?
Why zero trust, isolation and segmentation are key
There has been a shift in recent attacks away from the theft of data - now threat actors are concerned with interrupting all operational activity. It is now critical that business functions are separated, and that internet access to OT networks is limited. Can security teams still keep up with sophisticated foes? Should they upgrade their capabilities?
Pen testing for OT/ SCADA
Testing is key to identifying and fixing vulnerabilities before they're exploited. Regulations like NERC CIP require utilities to assess and mitigate risk. Testing checks that OT security controls are functioning properly and shows regulators an organization's commitment to security. But what kind of testing works best? How frequent should it be? Who should do it?
Making the best use of threat intelligence
In a preemptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats - where do they get it?
Security Posture Management
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, API-driven reality? How can traditional tools connect the dots - not just generate tickets?
Improving continuous attack surface discovery
You need to know what attackers can see and what they can actually attack - and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective?
The power of automation
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APIs, ticketing systems, threat intelligence feeds, and even email servers and coordinates actions across tools via APIs and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world?
Adversary simulation and behavioural analysis
Automated adversary simulation tools identify telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROIs as well as providing board and audit reporting. How well do they work in practice?
Dealing with regulations
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help?