COMMENTARY
Boards of directors play an important role in managing the strategic risks faced by their organizations, particularly in sectors with high-risk operational technology (OT) environments such as energy, transportation, manufacturing, and production. Each of these industries relies heavily on OT — the hardware and software that controls physical processes and devices — to maintain safe, reliable operations, making them particularly concerned about cyberattacks. However, understanding and managing cyber-risks in OT systems can be challenging for boards, often due to the cyber-physical nature of OT and its integration with information technology (IT).
The Primary Obstacles Boards Face in Evaluating OT Risks
One of the biggest challenges boards face is the wide gap between OT specialists and board members. Individuals with deep OT domain knowledge are often too far down the organizational hierarchy to directly influence board-level decisions. This disconnect can lead to a lack of risk awareness and understanding at the highest levels of the organization.
Additionally, the chief information security officer (CISO), who typically manages enterprise cybersecurity risk,…
