
Creating industrial cybersecurity leadership requires a fundamental shift in mindset, one that mirrors the changing threat landscape and the growing interdependence between OT (operational technology) and wider business risk. Where cybersecurity was once a technical matter kept separate from OT infrastructure, modern industrial environments are increasingly digitized and connected, and that has created the need for new leadership models.

The main functions of the industrial CISO have also been redefined. The head of cybersecurity now has to be a security gatekeeper and an innovator who stays closely connected with the technical staff, while also acting as organizational change manager, regulatory lead, and overseer of risk management.

In the new age of industrial cybersecurity, a technical background alone is not enough. Heads of cybersecurity need to translate complex technical risks and vulnerabilities into business risk, communicate across disciplines, and act as agents of cultural change. Making cybersecurity part of industrial culture means building it into risk and safety protocols, control system design, and even the procurement process. True industrial cybersecurity leadership speaks the language of the factory production line and can also navigate the boardroom.

‘Future-proofing’ industrial cybersecurity leadership means developing a pipeline of professionals with varied knowledge and skills: people who can lead without fear of uncertainty, think beyond compliance, and promote resilience as a strategic asset across the organization. The need of the hour is a leader who can do more than handle threats and attacks, one who can reshape security so that it becomes common practice in industrial sectors and is also valued and properly understood.

Adapting OT cybersecurity leadership to a changing landscape

Industrial Cyber consulted with industrial cybersecurity experts to examine how the role of cybersecurity leadership has evolved in response to the escalating threat landscape and growing geopolitical tensions impacting OT/ICS environments.

Marco Pereira, global head of cybersecurity, cloud infrastructure services at Capgemini

“Over the past decade, increasing geopolitical tensions and macroeconomic uncertainty have reshaped the responsibilities of cybersecurity leaders,” Marco Pereira, global head of cybersecurity, cloud infrastructure services at Capgemini, told Industrial Cyber. “What once was a business landscape driven by globalization, offshoring, and hyperscale cloud integration is shifting. Today, many multinational organizations are re-evaluating their supply chains and dependencies on foreign providers.” 

In Europe, Pereira noted, there is a growing emphasis on sovereignty in areas such as data, products, and services, which has become a key priority for operational technology teams.

Yoann Delomier, business strategy leader for OT at Wallix

Yoann Delomier, business strategy leader for OT at WALLIX, told Industrial Cyber that traditionally, OT cybersecurity was compliance-driven, focusing primarily on adherence to standards such as NIST or IEC 62443. “However, with escalating geopolitical tensions and increasingly sophisticated threats (ransomware, nation-state sponsored attacks), executives must now prioritize proactive risk management.” 

Delomier noted that emerging OT cybersecurity leaders, supported by stronger cyber governance within production and operations, are adopting risk-based frameworks that emphasize asset criticality and resilience. “Among the drivers of this change, the multiplication of cyberattacks during the Russian-Ukrainian conflict, as well as their increasing sophistication, marked a decisive turning point in the evolution of the role of cybersecurity managers,” he added.

Richard Robinson, chief executive officer at Cynalytica

The role of cybersecurity leadership in industrial control systems (ICS/OT) is evolving, but not fast enough, Richard Robinson, chief executive officer of Cynalytica, told Industrial Cyber.

“We often view leadership maturity through a Western lens. That is a mistake. The threat landscape is global, but readiness is uneven,” Robinson said. “Many regions still operate under the assumption that cyber threats are an ‘IT problem.’ Meanwhile, adversarial technologies targeting control systems, from protocol-aware malware to AI-generated logic attacks, are advancing faster than many leaders are willing to acknowledge.”

He added that “We are past the era of defending just IP networks. Today’s threats exploit blind spots in non-IP protocols, legacy PLCs, and analog instrumentation. Nation-states are building offensive capabilities that bypass traditional defenses entirely, and they are being tested in active conflict zones.”

“Effective cybersecurity leadership now requires intelligence awareness, geopolitical fluency, and the ability to see beyond compliance,” according to Robinson. “Leaders must invest in passive, full-spectrum data collection and analytics platforms that detect at L0–L2. Anything less is reactive. This is not about where your firewall ends. It is about whether your organization can detect the physics of sabotage before it becomes a national crisis.”

Patrick Miller, president and CEO at Ampyx Cyber

Patrick Miller, president and CEO at Ampyx Cyber, told Industrial Cyber that reliance on governments to assist is becoming more and more uncertain. “This means leadership at the company level – across all geographic scopes from the local, to regional, national, and multinational – is becoming more important. Having a strong security posture that meets the high watermark for all will be both the challenge and the solution.”

Rethinking the role of the industrial CISO

As the industrial CISO role becomes more strategically focused, balancing compliance, operational integrity, and business risk, the executives examine how expectations around cybersecurity leadership are shifting across industrial organizations.

Pereira mentioned that resilience is becoming a bigger focus. “Incidents like the recent outage at Heathrow Airport and the power outage across Spain and Portugal have made that clear. In a world where everything is connected, so are the risks. Organizations are only as resilient as their weakest link, which is often a third-party or vendor. That’s why many CISOs are placing greater emphasis on supply chain visibility. It’s not just about staying resilient anymore – it’s about keeping up with tightening regulations like NIS2 and DORA.”

“Today, the industrial CISO is an integral part of corporate governance, with missions that are increasingly cross-functional and strategic,” Delomier said. “The era when the CISO served merely as a technical expert or a ‘translator’ between operations and IT teams is over.”

He pointed out that modern expectations now center on risk quantification (assessing the financial, operational, and reputational impacts of cyber threats); IT/OT convergence expertise (securing interconnected environments while ensuring operational continuity); regulatory mastery (navigating evolving compliance requirements such as NIS2 and the TSA directives without hindering business agility); proactive threat monitoring that anticipates emerging risks through intelligence-driven strategies; and board-level reporting that communicates cyber risks in business terms to enable informed decision-making.

Delomier added that the industrial CISO is also the person who has to measure, alert on, and assume major risks that cannot be mitigated in the short term, given production constraints and a high threat level, which is not always a comfortable position.

“The role of the industrial CISO is changing from technical guardian to strategic operator. But the reality is that this shift is not happening at the same pace around the world,” Robinson said. “In many global regions, CISOs are still confined to compliance checklists, while adversaries are already exploiting operational gaps. In others, a very few forward-leaning leaders are balancing compliance, uptime, business continuity, and geopolitical risk, and becoming key voices in the boardroom.”

He noted that the expectations should be clear: understand the full spectrum of ICS communications, meaning the analog, serial, and IP layers of the ICS/OT environment; demonstrate how cybersecurity investments protect operations, not just networks; and deliver ROI through resilience by turning cybersecurity into a business enabler.

Robinson added that “Strategic CISOs are no longer just defending perimeters. They are aligning cybersecurity with industrial economics. They are deploying cross-layer monitoring (IP, serial, analog), quantifying risk to production systems, and preparing for AI-driven threats to L0-L2 processes. The message from executives is no longer ‘Are we compliant?’ It is ‘Can we keep running when the worst happens?’”

“The expectations at the business level are higher,” Miller said. “The CISO must now be able to provide a program that can satisfy the board/shareholders, customers, regulators, insurance providers, and creditors. It’s about keeping the company both secure and profitable.”

Cybersecurity leadership may need more than technical expertise

The executives explore whether foundational competencies such as strategic thinking, communication, and risk management will be just as critical as technical expertise in shaping the next generation of cybersecurity leadership across critical infrastructure sectors.

“Executive-level communications remain a challenge,” Pereira said. “While progress has been made, presentations often lean too technical, lacking the business context senior leaders require. That said, OT CISOs bring a unique strength – they deeply understand the operational impact of cyber risks. Leveraging that insight to frame discussions in terms of business impact is key to making their message resonate at the board level.”

Delomier said that it’s the so-called ‘soft skills’ that must define the next generation of industrial CISOs.

He emphasized that communication and influence are essential skills for modern cybersecurity leaders, including the ability to translate technical concepts into strategic language that executives understand. This also involves negotiation skills, such as persuading a plant manager to halt production for a critical security update, and storytelling, presenting technical reports with realistic scenarios that resonate with non-technical stakeholders.

Delomier highlighted the importance of collaborative leadership. He noted that collaborative management uniting IT and OT teams is key to building a strong industrial cybersecurity culture, which means equipping operators with appropriate training and tools. Leaders must also be skilled in conflict resolution, such as defusing tensions between business and security.

He further noted the need for critical thinking and adaptability. Leaders must make sound decisions under pressure, particularly during a crisis. This includes prioritizing actions effectively and relying on proactive intelligence to detect early geopolitical warning signs. Cybersecurity leadership must also stress resilience, the ability to manage cyber incidents that can have real-world, physical consequences.

“The most impactful cybersecurity leaders of the next decade will not just understand protocols, they will understand people, politics, and technology evolution,” Robinson said. “Around the world, leadership maturity is uneven. In some regions, the ICS/OT security conversation is still dominated by technical siloing and vendor tainting. But the emerging standard is different: strategic fluency, emotional intelligence, and the ability to align diverse stakeholders, from field engineers to CFOs.”

He added that “We are not just fighting exploits, we are navigating organizational inertia, cultural resistance, and geopolitical instability. That means knowing how to turn a 4-20mA anomaly into a compelling boardroom narrative, bridging the gap between safety-first cultures and cyber-first imperatives, and leading collaborative labs where IT, OT, and business teams learn together. The future belongs to leaders who can see beyond technology and build trust across disciplines, geographies, and risk tolerances.”

Miller pointed to the ability to translate technical security into the profitability (or loss and risk prevention) and sustainability of the company. “They need to be able to speak business risk, not bits, bytes, protocols, and acronyms.”

Pushing cyber to the forefront of industrial culture

The executives assess how industrial cybersecurity leadership can drive cultural change in organizations where safety and availability have taken precedence over security, and push for a culture that treats cyber risk as integral to operational resilience.

“Safety must remain a top priority. But as IT and OT cybersecurity come together, it’s important to see the bigger picture,” Pereira said. “Cybersecurity on its own isn’t the end goal – it’s a critical enabler of operational resilience. Once we start looking at safety and resilience together, the cultural difference becomes smaller as these worlds converge.”

Delomier said that to effectively convince organizations to prioritize cybersecurity without compromising availability, managers should frame cybersecurity in business terms by directly connecting cyber risks to operational impacts, including potential costs and downtime. Practical analogies work best, such as comparing an OT firewall to ‘a digital safety valve for industrial data flows.’ They must also demonstrate through action by implementing focused pilot projects that showcase cybersecurity’s role in enhancing operational resilience. Controlled, non-disruptive attack simulations can effectively raise awareness while maintaining production continuity.

He also called for adaptive training approaches using jargon-free formats like 5-minute video modules and mobile-friendly quizzes, which engage field teams more effectively and help turn operational leaders into cybersecurity advocates. He further recommended removing adoption barriers by prioritizing OT-specific solutions designed for industrial environments, an approach that naturally leads to higher user acceptance and smoother implementation.

Robinson said that cybersecurity will not win in industrial environments by leading with fear or compliance, but sadly, this is what is driving the market. “In the global ICS/OT space, safety and availability are non-negotiable. In regions with lower cybersecurity maturity, this culture is even more deeply embedded and misunderstood by Western frameworks.”

“To change that, cybersecurity leaders must speak the same language as operators,” he added. “We must show that threats to all environments, serial, analog, and hybrid control systems, are safety threats. To effectively accomplish this, we must deploy passive monitoring that does not touch or disrupt operations, demonstrate that anomaly detection can prevent shutdowns, not cause them, and build trust by working with, not against, the engineering mindset.”

He further added that security cannot be bolted on. It must be baked into the operational mission. Culture change happens when teams realize cybersecurity protects them, not just the network.

“Shift the mindset to security supporting safety,” Miller said. “Security and safety are the same word in most languages. This is an easy marriage.”

Cybersecurity leadership faces cross-team challenges

The executives look at the strategies that best equip cybersecurity leadership to bridge the divide between IT, OT, and business teams, each with its own risk tolerances and operational priorities.

Pereira said that leaders need to move beyond siloed thinking and focus on what truly matters – business outcomes and the needs of their clients. “Senior leadership should take a holistic view, making decisions that benefit the entire organization, not just their individual areas of responsibility.”

“To bring IT, OT, and business teams together, leaders should focus on teamwork, clear goals, and being aware of risks. First, set shared goals like digital transformation, uptime, and security, while keeping in mind the different risk levels of each team,” Delomier said. “They also have to encourage teamwork by creating cross-functional teams, holding joint workshops, and using shared metrics, like tracking major incidents each month for both IT and OT. Improve communication by training teams on what matters to each other, such as helping business leaders understand the costs of OT downtime and IT folks learning about operational KPIs.”

He also called for the use of common risk assessments based on IT guidelines like NIST and OT standards like IEC 62443. “Technology like augmented reality and digital twins can help merge these areas. Lastly, to create a better culture, it’s important to consider new roles like a chief digital officer to help break down barriers.”

Robinson said that in critical infrastructure, cybersecurity success is no longer about who owns what; it’s about whether anyone can see the full picture. “Too many organizations still treat IT, OT, and business risk as separate conversations. That must change, especially in countries where leadership structures are siloed and cybersecurity maturity is still catching up.”

Looking at strategies that could work, Robinson highlighted building collaborative testbeds where teams can see threats across the IP, serial, and analog layers; translating risk into what matters to each team (data loss for IT, downtime for OT, bottom-line impact for the board); and using real-time monitoring to model real-world threats and break down communication barriers. He also said that bridging the divide is about more than governance: it is about trust, which starts with shared visibility, cross-functional learning, and clear translation of operational risk.

Miller pointed to understanding the bigger picture, in addition to understanding the specifics and technical nuances in each vertical. “Being able to see the forest and the trees will be the arc of true success in bridging these gaps.”

Future-proofing industrial cybersecurity leadership

Looking ahead, the executives focus on how CISOs and OT cybersecurity leaders must adapt to emerging threats such as AI-driven attacks and hyperconnected supply chains, and what kind of legacy they should strive to leave behind.

“When it comes to AI, organizations must be hyper-vigilant with data security. There’s a growing demand to feed models with as much data as possible, but without proper safeguards, that can put sensitive information at risk,” Pereira said. “As mentioned earlier, an organization is only as strong as its most vulnerable key supplier. That’s why it’s crucial to go beyond basic checks and invest in tools like automation and vendor risk scoring to continuously monitor third-party risk across the supply chain.”

Delomier mentioned that CISOs and OT cybersecurity leaders need to be proactive when facing threats like AI attacks and interconnected supply chains.

“Key steps include focusing on AI security tools for spotting and handling threats, creating strong strategies against ransomware, and adopting zero trust principles in supply chain setups,” according to Delomier. “Staying compliant with changing cybersecurity rules, improving teamwork between security, legal, and compliance teams, and using AI for better threat management are important. Ongoing training and sharing threat intelligence are vital too. By integrating AI into security plans, leaders can boost threat detection and efficiency.”

He added that the legacy they should aim to leave is one of enhanced security, resilience, and trust in the digital landscape, achieved by building trust with stakeholders and securing critical infrastructure from politically motivated cyber threats.

Robinson said that “the threats are evolving faster than our defenses. AI-driven ICS malware. Tainted firmware in the supply chain. Multi-vector attacks that cross from the cloud to the control loop. This is the new frontier for cybersecurity leadership, and not every region is prepared at the same pace. In many parts of the world, security is still viewed through a compliance lens while adversaries are training AI models to learn and disrupt L0-L2 behavior.”

“Today’s CISOs and OT security leaders must do more than react,” he added. “They must deploy passive, full-spectrum data collection (IP, serial, analog), invest in AI and ML that understand industrial processes, not just network anomalies, and prepare for hyperconnected threats that do not care about your organizational chart.”

He noted that a leader’s legacy will not be defined by the policies they wrote. “It will be whether your organization can see the threat coming and keep running when it hits.”

Miller called upon industrial cybersecurity leadership to stay sharp. “Get good intel, information, and advice. The landscape shifts by the day. The modern CISO will need to shift with it, make informed and supportable/defendable decisions, as well as respond and correct quickly and transparently when things go wrong,” he concluded.