A Chief Information Security Officer (CISO) is responsible for setting and leading the organisation’s cyber security strategy. Their role is to align cyber risk management with business priorities, ensuring risks are understood, managed and communicated clearly at an executive level. They act as a bridge between technical teams and the board, providing insight, assurance and strategic direction.

Are on-premise firewalls still required if I move to SASE?

It depends on the desired architecture. On-premise firewalls may remain to be used to simply ensure resilient access to SASE services through SD-WAN or may used for LAN segmentation in support of the wider security architecture. Typically requirements for on-premise firewall are greatly reduced which will save licensing costs and management overheads. In some cases only a router may be desirable.

How are security policies managed and updated in a SASE environment?

Policies are centralised in a cloud management plane, allowing administrators to apply rules across all users, devices, sites and cloud workloads. Updates propagate automatically without manual configuration on individual endpoints.

What role does Cloud Access Security Broker (CASB) play in a SASE architecture?

CASB monitors and enforces security policies for cloud applications, ensuring data protection, compliance, and visibility into shadow IT activity within a SASE framework.

How does SASE improve performance for remote users compared to traditional VPNs?

SASE routes traffic through distributed cloud points of presence, reducing latency and improving connection reliability for remote and hybrid teams, while still enforcing security policies.

Can SASE enforce identity-based access across multiple cloud providers?

Yes. SASE applies consistent access policies across AWS, Azure, Google Cloud, and other platforms, ensuring that authentication and authorisation are aligned with Zero Trust principles.

How does SASE combine SD-WAN and security services?

SASE integrates networking (SD-WAN) with security controls such as SWG, CASB, FWaaS and ZTNA, delivering both connectivity and protection from a single cloud-managed platform. SD-WAN can also be achieved standalone without SASE to provide for resilient internet capabilities.

How does micro-segmentation work within a Zero Trust architecture?

Micro-segmentation divides the network into isolated zones, enforcing strict access control at the application and workload level. This limits lateral movement if an account or device is compromised. Its often fairly simple to further segment user to user communications limiting the “blast radius” in the event of a single user device being compromised.

What methods are used to continuously verify user and device trust?

Verification relies on multiple signals, including device posture, location, user behaviour, access history and threat intelligence. Policies adapt in real-time to reduce risk exposure. Many solutions can even utilise signals from other solutions such as anti-malware or threat intelligence platforms.

Can Zero Trust integrate with existing Identity and Access Management (IAM) systems?

Yes. Zero Trust works alongside IAM solutions, enabling strong authentication, single sign-on and centralised policy enforcement without replacing current infrastructure. Its always worth checking that your ZTNA solution of choice supports your existing Identify solution.

How does Zero Trust handle multi-cloud and hybrid environments?

Zero Trust solutions can enforce identity-based policies consistently across on-premises, private and public cloud workloads. Continuous verification ensures secure access regardless of where resources reside. A ZTNA solution may be implemented centrally to do this or through the amalgamation of various ZTNA capable tools depending on the environment and requirements.

What is the difference between Zero Trust Network Access (ZTNA) and traditional VPNs?

ZTNA grants access based on identity and device posture rather than network location. Traditional VPNs adopt a "castle and moat” style whereby access is granted once to allow access to internal resources. A ZTNA approach on the other hand continuously reviews access rights, limits lateral movement and provides granular access control to applications rather than the full network.

What role does a SOC play in secure networking?

A Security Operations Centre (SOC) provides continuous monitoring, detection, and response across network and cloud environments. In a secure networking strategy, a SOC ensures that access controls, segmentation, and configurations remain effective over time. Our purpose-built SOC, known as vSOC, helps identify suspicious behaviour, detect misconfigurations, and respond quickly to incidents, reducing both risk and dwell time.

How does micro-segmentation reduce cyber risk?

Micro-segmentation reduces cyber risk by dividing networks into smaller, isolated segments based on function and sensitivity. This limits lateral movement within the environment, meaning that if an attacker gains access to one area, their ability to move to other systems is restricted. Micro-segmentation is especially valuable for protecting critical assets, sensitive data, and regulated workloads.

What is SASE and how does it improve network security?

Secure Access Service Edge (SASE) is a cloud-based security model that combines networking and security services into a single framework. It improves network security by delivering consistent access controls, threat protection, and monitoring regardless of user location. SASE is particularly effective for organisations with remote users, cloud applications, and hybrid infrastructure, as it reduces complexity while improving visibility and control.

How does Zero Trust networking differ from traditional network security?

Traditional network security assumes trust once a user is inside the network, often relying on VPNs and perimeter defences. Zero Trust removes this assumption by continuously verifying users, devices and access requests. Access is granted based on identity, context and risk rather than location. This reduces the risk of credential misuse, limits lateral movement and provides stronger protection for cloud and remote access scenarios.

What is secure networking and why is it important?

Secure networking is an approach to network security that combines modern access controls, monitoring, and architecture to protect users, data, and infrastructure across distributed environments. It is important because traditional perimeter-based security models are no longer effective in cloud-first and hybrid organisations. Secure networking reduces attack surfaces, improves visibility, and limits the impact of breaches by enforcing identity-based access and continuous verification across the network.

How do I get access to the vSOC Connect Console?

Access is provided as part of your managed services with Data Connect. To get started, book a demo or speak to one of our experts to explore how the platform console can support your organisation.

How does the console support decision-making at the board level?

The vSOC Connect Console empowers boards with clear, visual insight into cyber maturity, progress, and investment impact. Through benchmarking, heatmaps, and Gantt charts, it shows exactly where resources are being directed and what progress is being made. Executives can access board-ready reports at any time, while all users have ongoing support available directly through the portal.

Can I customise my dashboard in the vSOC Connect Console?

Absolutely. You can tailor your dashboard view to focus on the metrics that matter most to you, enabling more efficient prioritisation and quicker access to key insights.

Is the vSOC Connect Console suitable for non-technical users?

Yes. The console is designed with all stakeholders in mind, offering an intuitive, user-friendly interface and clear reporting dashboards ideal for both technical and executive-level users.

How does the console help with compliance, like Cyber Essentials Plus?

The vSOC Connect Console supports your compliance journey by providing continuous monitoring, tracking certification readiness in real time, and highlighting where your organisation falls short. Compliance alone can lead to complacency, so our approach helps you understand what actions are needed and ensures ongoing improvement. With access to technical support throughout the year, our services also provides a roadmap for strengthening security and addressing gaps you might not know to discuss.

Which services are available through the console?

You can access the full suite of vSOC managed services via the console, including: vSOC Assure (Cyber Risk Management) vSOC CERT (Cyber Essentials Review Toolkit) vSOC Recon (Vulnerability Management) vSOC Manage (Managed Firewall) vSOC Alert (Managed Detection & Response) vSOC Aware (Security Awareness Training)

What is the vSOC Connect Console?

The vSOC Connect Console is our centralised cyber security platform that provides full visibility, control, and actionable insights across all your managed services. It acts as your organisation's cyber security command centre.

What kind of organisations do you partner with?

We work with a wide range of partners, including managed service providers, IT consultancies, and security resellers. Whether you’re looking to expand your service offering or strengthen client security, we’re here to support you.

What are the benefits of partnering with Data Connect?

As a partner, you gain access to our expert security team, the vSOC Connect Console, and a suite of managed services you can offer to your own clients. We provide sales enablement support, co-branded collateral, and ongoing technical assistance to help you grow your business.

How do I become a Data Connect partner?

Becoming a partner starts with a conversation. Get in touch with our partnerships team to discuss your goals and explore how we can work together. We carefully evaluate all potential partners and technologies to ensure alignment, focusing on organisations that share our cyber security values and want to bring customers the right solutions.

What certifications and experience does the Data Connect team have?

Our team is made up of subject matter experts with extensive hands-on experience and a wide range of industry-recognised certifications. Unlike IT-focused providers, everything we do is centred on security. We’re not a compliance organisation - we bridge the gap between technical detail and practical security, ensuring every decision supports a stronger, more resilient posture.

Can I speak with a current Data Connect customer before signing up?

Absolutely. While we prioritise our clients’ privacy and security, we’re happy to arrange a direct conversation between you and one of our existing customers. Just get in touch to set up a call.

What is the vSOC Connect Console and how does it work?

The vSOC Connect Console is your central hub for managing all cyber security activity in one place. It allows you to oversee projects, allocate tasks, and track progress across every service. The platform brings together internal performance data and third-party metrics, such as penetration testing results, to give stakeholders a clear, real-time view of where you stand and what actions are needed next.

Who typically uses Data Connect’s services?

We work with organisations that want to better understand their current security position and gain external verification of their defences. Many have capable IT teams but lack dedicated security specialists. In a landscape where threats are constantly evolving, we help them make the most of what they have, close critical gaps, and gain the reassurance that their “doors and windows” are properly secured.

What makes Data Connect different from other cyber security providers?

We build lasting relationships through exceptional service and trusted expertise. Our high customer retention rate reflects our commitment to helping and supporting our clients every step of the way. We deliver managed services through our own vSOC Connect Console, combining our managed services with technical excellence to provide outstanding value, visibility, and long-term partnership.

New rules can be run against all data within the platform, enabling searches for newly identified IOCs across retained data (up to 12 months).

How long are logs and events retained in the platform?

They are retained for a standard period of 12 months in fully searchable hot storage, ensuring fast access and immediate availability for queries, audits, or operational needs throughout that time.

How are events collected into the platform?

Typically a physical or virtual forwarder will be deployed onsite to collect and forward logs into SecOps. Cloud-to-cloud API pulls are also widely available for various cloud applications. SecOps provides flexible, secure paths to get every event into the platform without opening inbound firewall ports or deploying heavy agents.

How long does it take to get fully deployed?

Initial setup is quick and Data Connect will help support customers in onboarding log sources, rule tuning typically then takes 2–4 weeks.

Where is your Security Operations Centre (SOC) based?

Our SOC is based in the UK, where it's closest to our customers.

Which log sources, SaaS apps, clouds and security tools do you integrate with out-of-the-box?

We integrate with 600+ connectors including Google Cloud, AWS, Azure, Microsoft 365, Azure, Okta, CrowdStrike, Palo Alto Networks and Cisco.

Can penetration testing cover all areas of our business?

Yes. We assess networks, applications, cloud infrastructure, APIs, physical premises, and staff awareness through red teaming, social engineering, and advanced breach simulations—providing a complete view of your attack surface.

How do we maximise the value of a penetration test?

By addressing basic security controls first, you reduce easy wins and allow testers to focus on deeper, more complex vulnerabilities—unlocking the greatest insight and strengthening your overall security posture.

How does penetration testing improve security beyond identifying vulnerabilities?

Our approach goes further than finding flaws. Combined with vSOC Assure, it provides strategic actionable insights, strengthens processes, and guides ongoing improvements across your IT environment.

Why choose CREST-accredited penetration testing?

CREST accreditation ensures our testers operate to the highest standards of skill, ethics, and methodology, giving you confidence in the reliability of findings and compliance with audit, regulatory, and supply chain requirements.

What are the outcomes of a cyber attack?

What can happen if your organisation is targeted by a cyber attack? Cyber attacks can result in a wide range of consequences, including: Malware and ransomware infections - Data breaches and loss of personal or customer information - Supply chain compromises - System sabotage or operational disruption - Theft of intellectual property or funds - Reputational damage and loss of customer trust. Training staff to recognise early warning signs helps prevent these outcomes and builds a proactive line of defence.

What to expect from basic security training?

A strong security awareness programme needs to teach you how to spot threats like phishing and social engineering. It builds awareness, safe habits, and empowers you to act as a human firewall, protecting both company and personal data. As a minimum, training should include password security, GDPR, clean desk policies, oversharing of personal information, information security and computer accessibility.

How often should we run security awareness training?

We recommend running training throughout the year, reinforced with regular phishing simulations and relevant content. Our team helps you define a sustainable cadence that aligns with your risk profile and organisational culture.

Can you track who is vulnerable and who needs extra support?

Yes. The vSOC Connect Console provides data on user engagement and performance. You can identify which users are excelling, who needs further training, and where to focus remediation for maximum impact.

How is training content delivered and kept engaging?

We use a wide range of formats - including videos, quizzes, games, posters, and newsletters - to keep content fresh and accessible. Training is gamified and aligned to current threats to ensure ongoing engagement and long-term knowledge retention.

What types of phishing simulations do you run?

Our simulations reflect real-world attack vectors - including credential harvesting, malicious attachments, QR code scams, and spear phishing. These exercises are designed to mimic modern threats, helping your team identify and report suspicious activity with confidence.

How is vSOC Aware different from off-the-shelf training platforms?

Unlike generic awareness tools, vSOC Aware is a fully managed service delivered by experienced cyber security professionals. We tailor each programme to your organisation’s risk profile, incorporate real-world simulations, and provide campaign insights that drive measurable behaviour change.

Can we get Cyber Essentials if we aren’t based in the UK?

Yes because Cyber Essentials is an internationally recognised standard. We have helped many international organisations achieve Cyber Essentials. In many cases, these businesses want certification to increase credibility within the UK market.

How can I check my Cyber Essentials certificate status?

You can quickly and easily find the information through the Cyber Essentials Certificate Search if you’d like to check a Cyber Essentials or Cyber Essentials Plus certification. This useful tool can be found on the IASME website and can tell you your certification numbers, what’s included in scope and the date of certification because for many businesses they'll have two dates, one for Cyber Essentials and another for Cyber Essentials Plus. Better yet, you can use this tool to check on other organisations you may be working with right now or who you’re thinking about working with in the future, this will allow you to determine if the business has solid technical controls in place.

Home
/
Cyber Resilience
/
Bridging the Gap Between IT, OT & Leadership: Managing Cyber Risk in Manufacturing

Insights

Bridging the Gap Between IT, OT & Leadership: Managing Cyber Risk in Manufacturing

Manufacturing environments are built for performance, precision and uptime but when it comes to cyber security, gaps in communication between IT (Information Technology), OT (Operational Technology) and leadership can leave organisations exposed. Without clear alignment, important risks can go unidentified or underestimated.

Technical teams often speak in highly specialised language, while executives remain focused on KPIs and operational performance. At the same time, OT systems operate with their own priorities and constraints, often separate from traditional IT oversight. Without a unified view, the full picture of cyber risk can fail to reach the right decision-makers. In manufacturing, this disconnect is particularly alarming. Cyber incidents don’t just impact data, they can bring production lines to a standstill, delay shipments, disrupt supply chains and even introduce safety risks on the factory floor.

Risks Facing the Manufacturing Industry

The manufacturing sector presents a unique and complex threat landscape, including:

Legacy systems and outdated security protocols that are difficult to patch or replace without disrupting operations
Industrial IoT (IIoT) devices, increasing connectivity but also expanding the attack surface
Operational Technology (OT) environments, where production systems were not originally designed with cyber security in mind
Intellectual property theft, particularly for organisations involved in design, engineering or proprietary processes
Supply chain vulnerabilities, where third-party access or disruption can lead to significant production downtime

The recent Jaguar Land Rover (JLR) cyber attack is a stark example of the scale of impact these incidents can have. The attack forced production shutdowns across multiple sites, disrupted thousands of suppliers and is estimated to have cost the UK economy around £1.9 billion, making it one of the most financially damaging cyber events in UK history.

In response, the UK government stepped in to support the wider supply chain, highlighting how cyber incidents in manufacturing can quickly escalate beyond a single organisation and become a national economic concern. It was reported the month after the attack that some businesses within the chain had only “seven to 10 days of money left” due to the attack and halt in production. It is also believed to be the first time that a company has received government help as a result of a cyber attack.

Departmental Silos Explained:

Whilst no two organisations are identical, there are a lot of similarities when it comes to structure, operations and culture. One aspect we have seen time and time again, unfortunately, is departmental silos.

If this is a new concept, we’ve created a simple diagram to explain what it is and how it impacts cyber security.

IT (Information Technology): Responsible for corporate systems, networks and data security. IT teams typically lead on cyber security initiatives, but often have limited visibility or control over production environments.
OT (Operational Technology): Responsible for production systems, machinery and industrial control environments. The primary focus is uptime, safety and efficiency, meaning security measures can sometimes be secondary to operational continuity.
Leadership / Operations: Focused on business performance, output, cost and efficiency. While ultimately accountable for risk, leadership may not always have full visibility into the technical or operational cyber risks across IT and OT.

Cyber security does not sit neatly within any one of these areas. As a result, responsibility can become blurred, creating gaps where risks are not fully owned, understood or addressed. This lack of clear ownership makes it difficult to maintain a consistent and effective security posture across both IT and production environments.

Explaining the Cyber Security Void

The void, an ominous name, reflects the fact that problems in these five areas can lead to negative consequences.

Visibility:

Visibility remains one of the most critical components of cyber security, particularly in manufacturing environments where IT and OT operate across different systems, networks and priorities. A single unseen vulnerability can have serious consequences, from halting production to impacting safety on the factory floor.

In many organisations, IT teams have strong visibility over corporate systems, while OT environments (such as production machinery, programmable logic controllers (PLCs) and control systems) are far less monitored. As a result, each silo operates with a different level of visibility and decisions are often made in isolation. This “siloed decision-making” means risks can be assessed without acknowledging the full picture, creating gaps where threats can go undetected.

Without a unified view across IT, OT and leadership, organisations may believe they are secure, when in reality, critical exposures remain hidden.

Maximising Existing investment:

In manufacturing environments, cyber security investments are often shaped by legacy infrastructure, operational constraints and the need to maintain continuous uptime. Many organisations are running critical production systems on older technologies that cannot be easily upgraded, patched or replaced without introducing risk to operations. This can limit how newer security tools are deployed and integrated, particularly across OT environments.

As a result, organisations often face challenges in identifying where improvements can realistically be made and where investment will have the greatest impact. By taking a more holistic approach, one that considers both IT and production environments, organisations can better utilise existing tools, reduce duplication and simplify the management of cyber risk while improving return on investment.

Specialist Resource:

Cyber security in manufacturing requires a blend of IT, OT and security expertise, yet all these skillsets cannot exist within a single individual or even a small team. Engineers understand production systems, IT teams understand infrastructure and cyber specialists understand threats, but bringing these disciplines together is a challenge.

For many organisations, particularly mid-sized manufacturers, building a fully resourced in-house security team is not feasible and expecting one individual to cover all areas, from network security to industrial control systems, is unrealistic. A more practical approach is to identify key risk areas, prioritise them, then assess resources and consider solutions or services that can address multiple gaps simultaneously.

Complacency:

In established manufacturing environments, long-standing processes and systems can lead to a level of complacency. Production uptime is often prioritised above all else, meaning systems are left unchanged for long periods, especially within OT environments.

At the same time, assumptions can build between departments. Leadership may expect IT to manage all aspects of cyber risk, while IT and compliance teams rely heavily on periodic assessments such as audits or penetration tests. Without continuous communication and validation, these assumptions can create gaps where risk is underestimated or overlooked.

Assurance:

Closely linked to complacency is the concept of assurance. Many organisations have defined roles, processes and procedures in place, but without regular validation, it can be difficult to confirm whether they are being followed effectively.

In manufacturing, this is particularly important where IT and OT processes may differ significantly. Relying on documentation or historic practices is not enough, organisations need ongoing verification that controls are working as intended across both environments.

Ultimately, cyber security is a shared responsibility across IT, OT and leadership but for it to become embedded within the organisation, it must be driven from the top and supported by a culture of accountability and continuous improvement.

Senior leaders can utilise the NCSC’s Cyber Security Toolkit for Boards as an additional resource. You can also read our Deciphering the NCSC’s Cyber Security Toolkit for Boards blog here.

Tips to Bridge the Gaps Between IT, OT & Leadership

Understanding the challenges is one thing, addressing them effectively is another. In manufacturing environments, where IT, OT and leadership operate with different priorities, reducing the “cyber security void” requires a coordinated approach. Here are six key steps to improve alignment and strengthen cyber resilience:

1) Define Clear Roles and Responsibilities

In many manufacturing organisations, accountability for cyber security is unclear, particularly across IT and OT environments. IT teams are often expected to manage all aspects of security, despite limited visibility or control over production systems.

Clearly defining roles, responsibilities and ownership across IT, OT and leadership is essential. By understanding internal capabilities, resource limitations and current risk posture, organisations can set realistic expectations and have more informed discussions about the pace and direction of cyber maturity.

2) Provide Targeted Training Across All Levels

While cyber security is a growing priority at board level, many decision-makers come from operational or commercial backgrounds rather than technical ones. At the same time, OT teams may have limited exposure to cyber risk beyond system uptime and reliability.

Targeted training, workshops and scenario-based exercises (such as production-focused tabletop simulations) can help bridge this knowledge gap. These sessions should focus on real-world manufacturing scenarios, enabling leadership and operational teams to better understand cyber risk, its potential impact on production and their role in managing it.

3) Adopt an Integrated IT/OT Risk Management Approach

Cyber risk in manufacturing cannot be managed in isolation. IT and OT environments are increasingly interconnected, meaning risks in one area can quickly impact the other.

Bringing together IT, OT and leadership to conduct joint risk assessments and strategy sessions helps build a shared understanding of threats and priorities. Establishing regular reporting and communication ensures cyber risk is consistently visible at leadership level, transforming it from a reactive issue into a strategic consideration.

4) Establish a Unified View of Risk

Having partial visibility is no longer enough. Each function, IT, OT and leadership, often has its own perspective of risk, which can lead to decisions being made without full context.

A unified, holistic view across all environments is critical. This enables more informed, collaborative decision-making, particularly when it comes to prioritising investments, managing production risks and allocating resources. Without this alignment, organisations risk overlooking smaller vulnerabilities that can combine into larger, more damaging incidents.

5) Build a Practical, Phased Cyber Security Roadmap

In manufacturing, change must be carefully managed to avoid disrupting operations. Attempting to implement large-scale transformation too quickly can introduce additional risk.

Instead, organisations should develop a strategic roadmap aligned to both business objectives and operational constraints. By setting clear, achievable goals and prioritising improvements based on risk, organisations can make steady progress without compromising production stability.

6) Challenge Assumptions and Validate Controls

Assumptions between departments, such as “IT has it covered” or “this system is secure because it always has been”, can lead to false assurance.

Regular validation of controls, processes and responsibilities is essential, particularly across IT and OT environments where practices may differ significantly. Encouraging open communication and constructive challenge helps ensure that risks are properly understood and managed, rather than being overlooked or accepted by default.

Continuous Real-World Cyber Risk Assurance

If you are committed to bridging the gap between IT, OT and leadership but need further support, Data Connect can help.

Through vSOC Assure, our cyber risk management service, we work with manufacturing organisations to manage cyber risk across both corporate systems and production environments. Our service brings together IT, OT and leadership, ensuring cyber risk is clearly understood, communicated and managed across the organisation.

With access to our vSOC Connect Console and support from our expert cyber security team, including vCISOs and subject matter experts, we help you navigate the practical challenges of securing manufacturing environments, balancing cyber resilience with the need for continuous uptime.

By taking a holistic, real-world approach, you’ll gain greater visibility into your risk landscape, improve collaboration between teams and build confidence in both your security posture and operational resilience.

Insights

Bridging the Gap Between IT, OT & Leadership: Managing Cyber Risk in Manufacturing

Risks Facing the Manufacturing Industry

Departmental Silos Explained: