Investors should be asking C-suites how well prepared companies are to manage potential OT-related impacts stemming from SolarWinds breach


A January 22nd Lawfare piece points out that most of the coverage of SolarWinds has focused on the impact on IT systems while equally damaging, but as yet not visible impacts on operational technology (OT) have not received adequate attention.

Microsoft President Brad Smith highlighted that the full impact of the breach as it is currently understood is only in an early phase. The article points out that since OT systems control the physical world, potential impacts stemming from the breach could be far more damaging.



We have addressed the heightened risks of the merging of IT and OT across a number of sectors over the past year. The combination of a vastly expanded threat surface, increased reliance on digital technology to function and a huge spike in ransomware attacks on companies in 2020 has resulted in a significant increase in the downside financial risk associated with poor cyber governance. This applies not only to industrial and energy companies most often associated with OT, but also to companies across all sectors that utilize OT to fulfil essential functions.

SolarWinds may yet bring these risks into focus in 2021 across any number of companies that 1. Were impacted by the breach and 2. Are heavily reliant upon OT.

FireEye explained why OT disruptions are so financially costly: “...ransomware infections—either affecting critical assets in corporate networks or reaching computers in OT networks—often result in the same outcome: insufficient or late supply of end products or services.”

C-suites should be focusing on ensuring the necessary controls and processes are in place to lower the downside financial risks of a disruption. Investors should be asking C-suites:

  • What is the potential cost of an operational disruption in $ terms if OT is disabled?
  • What $ resources are being invested in controls and processes to limit risk of disruption?

In the case of SolarWinds and future large-scale breach events, investor and C-suite complacency will also come with an ever-larger price tag.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website