In a worst-case -- but possible -- scenario over a one-year period, losses from OT-related breaches could reach $329.5 billion, with $172.4 billion from OT-related business interruption, according to an Aug. 12 report by cybersecurity firm Dragos and the Marsh McLennan’s Cyber Risk Intelligence Center.“Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments,” said Robert M. Lee, Dragos CEO and co-founder. “The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer. Our report fills a critical gap by translating OT security into measurable financial risk and assessing controls aimed at mitigating that risk.”The report, which the Marsh McLennan Cyber Risk Intelligence Center analyzed a decade of breach and insurance claims data, found that the three OT cybersecurity controls most correlated with risk reduction (RR) include the following:Mark Stacey, director of strategy for Dragos, said standard IT tools fall short in OT environments because the protocols and systems are different. Stacey said purpose-built technology delivers OT-specific detections and playbooks, empowering defenders to operate effectively in these unique environments.“Security starts with knowing what you’re protecting,” said Stacey. “Comprehensive asset inventories and persistent monitoring form the foundation, enabling both proactive threat hunting and effective incident response.”Chad Cragle, chief information security officer at Deepwatch, said the Dragos findings highlight a staggering cost of OT cyber risks: nearly $330 billion in potential yearly losses.“If a SOC manages IT/OT data, that number should send chills down your spine, and if you're a CISO responsible for that data, you’re probably only getting 2.5 hours of sleep each night,” said Cragle. “The foundation starts with visibility into OT assets, anomaly detection tailored for industrial protocols, and incident playbooks designed for both operational and safety impacts. These aren’t just extras — they are critical.”Thomas Wilcox, vice president, security strategy at Pax8, said SOCs need to assume that a compromise will eventually occur and meet that challenge. He said it means streamlining identification, alert and response processes.“It’s not a surprise that adversaries are leveraging AI to increase the speed of compromise,” said Wilcox. “The industry needs to meet the adversarial AI use with AI-powered toolsets that recognize, alert and can begin responding. It’s not acceptable to move at the speed of traditional incident response processes when our adversary moves at the pace of AI.”
- Incident response planning, up to 18.5% average risk reduction.
- Defensible architecture, up to 17.09% RR.
- ICS network visibility and monitoring, up to 16.47% RR.




