Dale Peterson’s article argues that two seemingly contradictory statements about OT cybersecurity are both true at the same time. On one hand, he says the real-world impact of OT cyber incidents—excluding ransomware that only affects IT—has remained extremely small, accounting for less than 1% of all OT outages and OT-related financial losses. On the other hand, he insists that a skilled and determined attacker could still cause severe or even catastrophic damage across many industrial environments, because attackers are becoming more capable, more persistent in OT settings, and better at collecting site-specific process knowledge. The article’s central point is that the OT security community often splits into camps that emphasize only one side of this reality, either celebrating the low incident numbers or warning about the high-end threat, when in fact both perspectives are grounded in evidence.

Peterson’s broader message is that OT security strategy should be built around holding these two facts together rather than choosing between them. He says it should be possible to recognize that 2025, like the years before it, was in one sense a very good year for OT security because cyber-caused impact remained tiny, while also admitting that most OT environments still lack the maturity needed to withstand a serious attack from a capable adversary. The article does not present a checklist of controls; instead, it points readers toward a more strategic approach based on asking the right questions, developing plans, and improving organizational readiness over time. In that sense, the piece is less a technical analysis than a call for intellectual balance: the low number of successful high-impact incidents should not lead to complacency, but the existence of serious threats should not erase the fact that actual damage remains comparatively rare.

‍

Source: https://dale-peterson.com/2026/03/17/the-ot-cyber-incident-and-threat-dichotomy/