Operational technology cyber security

Stay secure. Stay productive

Making your operational technology more resilient to security threats

Cyber attacks on operational technology are more complex and more prevalent than ever before. Malicious actors are smarter and more determined to bring operational infrastructure to its knees - from infecting engineering and manufacturing plants with ransomware, to hacking the systems that run public utilities. No matter which industry you’re in, if you have operational technology, these kinds of threats pose a fundamental risk - to you, your customers and the communities you’re part of.

We’re here to help you get ahead of the threats, so you can keep your operations running and stay productive. Our teams help organisations of all sizes, in every industry to protect their operational assets and systems, and strengthen their information security for greater resilience in the future.

Build your resilience

Recently, malicious actors have started to pose fundamental - sometimes existential - threats to organisations by disrupting operations. Hackers know the value and importance of operational technology. They’ve shifted focus to infecting infrastructure with malware and ransomware, bringing production lines and factories to a halt until ransom demands are met. State-sponsored attackers are well-funded, more sophisticated and highly capable, targeting everything from water treatment plants to national power supply grids. And that’s not to mention unpredictable attacks from disgruntled employees and other ‘inside threats’.

Against this backdrop, your organisation is likely to be facing increasing pressures as you look to secure operational technology, including:

  • Getting a clearer understanding of the evolving risks in your Operational Technology assets and estates.
  • Building a culture of vigilance and empowerment, with the right people in the right roles, with the right training and responsibilities.
  • Supporting your security and technology teams as they connect more Operational Technology assets to your wider
  • IT infrastructure - and increase the number of assets and systems they need to monitor and secure.
  • Introducing new technologies and platforms - the internet of things - to your business and operations, potentially increasing the ‘attack surface’ you need to protect.

We’ll help you face these challenges by:

  • Considering the risks and implications of connecting more systems and assets.
  • Focussing efforts, based on business priorities.
  • Assessing maturity, prioritising short-term remediation and putting in place longer-term strategic improvements.
  • Coordinating multiple teams with different needs and competing priorities, so everybody is on-board and confident to face the threats together.

We’ll help you build a resilient business that stays productive by staying ahead of the threats.

Three steps for success


To stay ahead of the threats, you need to fully understand your assets and systems - and their vulnerabilities. We’ll work with you to assess your maturity - what assets you have in place; where the areas of weakness lie; what systems and processes are in place to protect them; and if any potential actions are falling between the cracks. This will also involve looking at your people and culture, to assess any need to improve cyber security training, define best working practices, and look for opportunities to empower people and improve decision-making.


Once you know the lay of the land, we’ll help you secure the assets that are most critical to your operations. We can perform risk assessments and develop risk treatment plans to make sure your core operations are set up to stay running. Crucial to success is analysing the most important areas to protect and prioritising where to focus your time and investments - rather than tackling everything at once, we’ll start by securing the assets that matter most.


Staying resilient is an ongoing task. We can help you put the right processes and systems in place to stop threats in their tracks - and carry out ongoing reviews and management to make sure you stay ahead of threats. And, if you are affected by a cyber security or data breach, we can support you as you carry out remediation work to get you back up and running. Your teams don’t have to shoulder the burden alone.

Key capabilities

Security Labs: We’ll play the bad guys, so the real ones don’t get to you

Our ethical hackers and technicians are constantly testing and experimenting, replicating threats and staying ahead of the latest vulnerabilities. And using our industry leading labs, we can replicate your environment to help you understand how and what might happen in the event of an attack.

Threat detection and research: Keeping you protected from the latest threats

Our global network of threat detection analysts are on the lookout for the latest malware, ransomware and other cyber risks. We’ll keep you protected as threats evolve.

Technology partnerships: Bringing you the best systems on the market

We’ve formed partnerships with world-leading cyber security technology companies, such as Microsoft, Palo Alto Networks and Tanium. So you can be confident that our work together is built on the very best systems available today.

Why PwC?

The business view of operational technology resilience

Any OT experts could help identify risks or opportunities to improve OT Security. What sets us apart is that we understand what matters most to you and your sector. We work with organisations of all sizes, in all industries - from oil and gas to shipping; and from public utilities to manufacturing. We have the insight to help you prioritise and order your efforts, so you can focus limited resources on what’s strategically and operationally important.

You might have hundreds of production sites at risk that you could protect. But with limited money and time, are they all equal? Where should you start? What’s most vital to secure?

You might have multiple manufacturing plants that need updating, but how do you roll out an improvement plan without disrupting your productivity? Is it better to set the ‘gold standard’ at one or two sites, then replicate that blueprint in a controlled way elsewhere?

Our dedicated team of OT Security experts will help you go beyond seeing what you could do, to helping you focus on what you should do. We’ll combine operational technology capabilities with industry and business insight to help you assess what’s most important - then build a plan that sets you up for success.

Contact us

Sean Sutton

Sean Sutton

Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7483 407797

Follow us