Having the conversation with senior management about operational technology cybersecurity and obtaining sufficient budget to mitigate and manage risk continues to be a challenge. Many in management still see cybersecurity as insurance and compliance as a tax. Who wants to spend money on that? Nobody!
IT has been budgeting for many years for firewalls, network equipment, endpoint detection response, managed detection and remediation, security information and event management tools, etc. OT staff always have a project underway upgrading OT systems, building new plants, and so on, and there is a well-oiled process for these kinds of budget requests. So, how do you compete for a new category of investment: OT cybersecurity?