Topics:
As 2025 comes to a close, some of our Nexus contributors and experts have provided us with a look back on the year in cybersecurity, and their predictions for the next year within their industries and specialty areas. Today, expert Danielle Jablanski reflects on market shifts around OT cybersecurity and predicts a newfound emphasis on metrics in 2026.
Reflecting on 2025, operational technology (OT) leaders realized that getting the full ROI from capabilities requires intentional training and capacity building. At the same time, market categories began to shift for OT solutions.
Remediation still requires precision for OT environments, and there are no perfect solutions for the necessary controls. Given the reminders about the security concerns with networking infrastructure, and the gaps that remain between IT security maturity and OT security maturity, we leave 2025 asking what does all this OT data do for me? What can I protect and prevent today and how do I continue to improve tomorrow?
I think in 2026 we will start to see security teams get serious about metrics—where risk reduction outcomes with goals and deliverables are more routine and less aligned to the specific outputs of tools and capabilities.
I think roadmaps for iterative and holistic approaches to continuous improvement will be more important than the adoption rates of specific vendor products or categories. I think the broader cybersecurity world will increasingly see OT as part of their attack surface and extension of their security mandate(s).
I also expect new solutions to continue to address nuanced and sector-specific considerations, rather than a domination from one type of solution over another, even among those built for OT.
I believe standards and regulations will continue to expand for sectors, and that national and even international standards will continue to play close attention to broader awareness of the principles of IEC/ISA 62443, as well as the impact of NIS 2 implementations and the EU CRA impacts.
Danielle “DJ” Jablanski leads STV’s operational technology (OT) cybersecurity consulting program, advising clients in security program development, strategy, tool selection and deployment to mitigate cybersecurity threats facing operational technology and cyber-physical environments across transportation, energy, water, and infrastructure projects. Formerly a SME in the Office of the Technical Director at CISA, at Nozomi Networks, and Guidehouse, she is an experienced strategist, analyst, and program manager, with hands-on industry and governance expertise in OT and industrial control systems (ICS). In her free time, she teaches two college courses on Cyber-Physical Cybersecurity.
