This August, two independent studies made one thing clear—the risks facing Operational Technology (OT) are growing faster than most organisations can contain.
One industry report warned that the potential global financial impact of OT cyber incidents could stretch into the hundreds of billions annually, driven largely by indirect costs like production shutdowns, cascading failures, and supply chain disruption. At the same time, new academic research found nearly 70,000 OT devices directly exposed to the public internet, many running outdated firmware with critical vulnerabilities.
For operators of critical national infrastructure, these findings are a stark reminder that the weak points are already visible, and attackers know exactly where to look.
The research highlighted systemic issues:
These aren’t exotic zero-day attacks. They’re open doors, waiting to be exploited.
At the same time, the financial modelling underlines the scale of what’s at stake. Even “typical” OT disruptions can cost billions each year, but in high-impact scenarios, losses could multiply several times over—affecting not only the operator, but entire regions and industries.
The most striking detail across both studies is that these aren’t simply technical problems—they’re identity problems.
Attackers don’t need advanced exploits when authentication gaps already give them the keys.
The path forward is clear: plug the exposure gap by securing identity and access at the OT level.
Effective OT authentication:
By embedding identity controls into every access point, operators can shrink risk exposure dramatically—transforming billions in potential losses into manageable, preventable threats.
August’s findings show that OT systems remain the soft underbelly of critical infrastructure. Whether through devices sitting unprotected on the internet or the staggering costs of large-scale disruption, the consequences of inaction are now measured in billions, not millions.
Technology budgets, policies, and awareness campaigns all help—but without robust authentication at the OT level, the same blind spots remain.
In OT, identity is security. Closing those gaps is not optional—it’s the frontline defence for national resilience.
--------------------
swIDch will continue its quest to innovate and pioneer next-generation authentication solutions. To stay up-to-date with the latest trends sign up to our newsletter and check out our latest solutions.