IT cybersecurity teams inheriting operational technology security and cyber-physical systems protection programs often come into these situations with competing incentives. This dynamic creates gaps in protecting OT and CPS that must be assessed and addressed.
Risk Management
Operational Resilience
Industrial
Operational Technology
Cyber Resilience

Competing Incentives Create IT/OT Security Gaps

Jan 6, 2026

Cybersecurity doesn’t stop at the office door; it also reaches deep onto the manufacturing floor. Modern plants are filled with connected devices that traditional IT tools struggle to secure. Many of these devices rely on proprietary protocols or falter under standard scanning techniques, leaving critical parts of the infrastructure overlooked.

But why would organizations knowingly leave production systems exposed? Aren’t these devices essential to output and safety? The answer often lies not in technology, but in the incentives that drive decision-making. To understand why, we need to examine how incentives shape priorities across IT and OT.

Why Do Incentives Matter?

As renowned investor Charlie Munger says, “Show me the incentive, and I’ll show you the outcome.” Incentives inherently motivate people to behave in certain ways or strive for certain outcomes. In manufacturing, many businesses tie financial bonuses and shareholder value to performance metrics such as meeting a production/sales target or reducing bottom line costs. Even company values and mission statements can take a back seat to the pressure to hit these targets.

It is important to state that most leaders do not intentionally ignore everything to hit a sales goal, but it becomes hard to ignore the momentum that such incentives can build. This becomes particularly interesting when faced with a choice to spend resources on projects that don’t appear to directly impact those metrics. For example, ignoring OT security can cause downtime, lead to regulatory fines, and cause reputational damage.

What is the IT/OT Incentive Gap?

As mentioned earlier, plants are often incentivized to produce a specific amount of product at the lowest possible cost, while working safely, of course. IT, on the other hand, is challenged with another set of goals: keep the organization’s technological systems running continuously and effectively at the lowest possible cost, while maintaining security. For example, an OT team may push for bypassing authentication to keep a line running, while IT insists on enforcing it to prevent breaches.

Why Clashing Incentives Cause Problems

OT teams want to eliminate time from every step in the process to keep costs down and focus exclusively on value-added work. Ensuring security and access requires specific steps to be taken to verify identity, protect important information, and reduce risk. OT values time more than anything and IT values risk mitigation (which requires time).

| | IT Priorities | OT Priorities |
|---|---|---|
| Primary Goals | Protect data, systems, networks | Maximize uptime and production output |
| Key Incentive | Risk mitigation, compliance | Efficiency, speed, cost reduction |
| Focus Area | Information access, identity, security | Machine availability, process flow, safety |
| Time Sensitivity | Willing to add steps for security | Minimize steps to avoid delays |
| Success Metrics | Fewer breaches, strong compliance posture | Meet production targets, reduce downtime |
| Pain Points | Operations can be reluctant to adopt security solutions | Security seen as an interrupter of lean workflows |

Every security initiative consumes time: time to develop, time to implement, and time to execute. Even top-tier security platforms can disrupt lean manufacturing flows and frustrate plant teams. Nobody wants to tell their manager that they missed a production goal because they couldn’t authenticate their login credentials or that the machine has an unsupported operating system. While most people acknowledge the gap between IT and OT, there isn’t always a good plan to handle it with shared accountability.

Bridging the IT/OT Security Gap: Where to Start

It can be overwhelming to initiate change between established IT and OT groups. Here are three common areas to consider when trying to reduce the IT/OT gaps.

1. Strengthen Network Segmentation

  • Divide critical systems into secure zones to limit exposure of legacy equipment.

  • Ensure that production devices can communicate efficiently without bypassing security controls.

  • This reduces the friction between IT’s need for risk mitigation and OT’s demand for uptime.

2. Manage Third-Party Access Effectively

  • Provide secure, monitored channels for vendors to troubleshoot or repair equipment.

  • Track all changes made by external partners to maintain accountability.

  • Faster repairs and transparent oversight help both IT and OT achieve their goals without compromising security.

3. Monitor and Support Legacy Devices

  • Many older devices were not designed with modern cybersecurity in mind.

  • Proactive monitoring can alert maintenance teams to potential failures, repair costs, or part availability before downtime occurs.

  • This approach balances OT’s need for efficiency with IT’s responsibility to protect vulnerable endpoints.

Manufacturing Cybersecurity and Safety

Safety has rightly become the foundation of manufacturing since the workforce is the most valuable part of the manufacturing process. Companies design new methods to lift, move, and interact with products and equipment that reduce injuries and accidents. Security also provides many foundational benefits to the manufacturing industry. It helps companies avoid major accidents due to outside intervention and reduces downtime by protecting network access and control.

Wrapping Up

The divide between IT and OT incentives doesn’t have to be a roadblock. By recognizing the different priorities — efficiency and uptime on the plant floor versus risk mitigation and security in IT — leaders can build shared goals that bridge the gap. Cross-training IT/OT skills, common terminology, and collaborative strategy are essential to creating a unified vision.

Ultimately, strong leadership must ensure that risk mitigation is not seen as a drag on productivity but as a foundation for safe, resilient, and efficient operations. Organizations that align IT and OT incentives will not only protect their networks but also unlock new opportunities for growth and performance. The time to close the gap is now.
