How a Multi-Site Manufacturer Closed a Critical OT/IT Security Gap and Avoided a $2.1M Insurance Exclusion
6/4/2026 · 4 min read


Operational technology — the industrial control systems, SCADA platforms, programmable logic controllers, and manufacturing execution systems that run physical production processes — has historically operated in isolation from corporate IT networks. That isolation was by design: OT systems were air-gapped, proprietary, and managed by separate teams with separate tooling. Cybersecurity, as a discipline, largely did not apply to them.
That isolation no longer exists in most manufacturing environments. The convergence of OT and IT networks — driven by real-time production data requirements, remote monitoring capabilities, ERP integration with shop floor systems, and the operational benefits of connected manufacturing — has eliminated the air gap in the majority of mid-market manufacturing operations. What has not kept pace is the security architecture required to protect the converged environment.
The client in this case study is a precision components manufacturer operating four production facilities. They came to us following a cyber insurance renewal in which their carrier, having conducted a security questionnaire review, identified an OT/IT convergence gap and issued a formal exclusion: any incident originating from or propagating through OT systems would not be covered under the policy. The excluded exposure, per the carrier's assessment: $2.1 million in potential business interruption and equipment replacement costs.
OT/IT convergence is the most underaddressed security gap in mid-market manufacturing. The IT team often does not fully understand the OT environment. The OT team often does not think in security terms. And the attack surface created by their convergence is real, exploitable, and increasingly targeted by ransomware groups who have learned that encrypting production systems creates more ransom pressure than encrypting office computers.
The assessment: mapping the converged environment
We began with a joint assessment involving both the IT and OT teams — which, notably, had never conducted a combined security review before this engagement. The assessment findings:
• Network architecture: the four production facilities each had direct layer-2 connectivity between the corporate IT VLAN and the OT production VLAN. There was no network segmentation between the environments — a compromised IT endpoint could reach OT systems without traversing any security control
• OT system patching: the SCADA platform running production line control at three of the four facilities was running a version that was two major releases behind current, with six known vulnerabilities documented in the National Vulnerability Database — two rated critical. The OT vendor had released patches, but the operations team had not applied them due to concerns about production impact during the update process
• Remote access to OT systems: two vendors had persistent remote access to OT systems for maintenance purposes, using shared credentials that had not been changed in over three years. One vendor had not used the access in 14 months, but it remained active
• IT/OT authentication boundary: the domain credentials used by IT staff had administrative access to OT systems through the converged network. There was no separate authentication boundary between the environments
• Incident response planning: the existing incident response plan addressed IT systems. There was no OT-specific incident response procedure — no documented process for containing a production system compromise while maintaining safe plant operation
The remediation
The remediation plan was designed in close coordination with the operations team, with a primary constraint: no production downtime during the remediation process. Every change to the OT environment required a documented maintenance window and rollback procedure. The remediation was executed over 90 days:
• Network segmentation: a demilitarized zone was established between IT and OT networks at each facility, with a next-generation firewall enforcing policy between the environments. Only explicitly authorized traffic flows — ERP to MES data feeds, specific monitoring protocols — were permitted across the boundary. All other cross-network communication was blocked by default
• OT system patching: a phased patch deployment was executed across all four facilities during scheduled maintenance windows, completing the SCADA platform update and addressing all critical and high-severity vulnerabilities
• Vendor access remediation: shared credentials were replaced with individual vendor accounts on a privileged access management platform with just-in-time access — vendors request access for a specific maintenance window, receive time-limited credentials, and access is automatically revoked at window close
• Authentication boundary: OT system access was separated from the corporate domain, requiring separate credentials for the OT environment that were managed independently
• OT incident response procedure: a production-specific incident response plan was developed covering containment, safe plant shutdown procedures, recovery sequencing, and communication protocols for OT-specific incidents
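As an added illustration (not the client's configuration and not any firewall vendor's rule syntax), the following Python models the default-deny boundary policy from the network segmentation step: only the named ERP-to-MES and monitoring flows pass, and the pre-remediation finding of an IT endpoint reaching an OT controller is denied. All addresses, ports and rule names are constructed for the example.

```python
"""Added model of the IT/OT boundary policy: default deny, only explicitly
authorized flows permitted. All addresses, ports and names are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for one facility (hypothetical values).
IT_VLAN = ip_network("10.10.0.0/16")   # corporate IT
OT_VLAN = ip_network("10.20.0.0/16")   # production OT

@dataclass(frozen=True)
class Rule:
    """One explicitly authorized cross-boundary flow (a /32 means one host)."""
    name: str
    src: object   # ip_network
    dst: object   # ip_network
    proto: str    # "tcp" or "udp"
    dport: int

    def matches(self, src, dst, proto, dport) -> bool:
        return (src in self.src and dst in self.dst
                and proto == self.proto and dport == self.dport)

# The only traffic the DMZ firewall lets through, per the remediation:
# ERP-to-MES data feeds and a specific monitoring protocol (constructed ports).
ALLOW_RULES = [
    Rule("erp-to-mes", ip_network("10.10.5.10/32"), ip_network("10.20.1.20/32"), "tcp", 8443),
    Rule("ot-telemetry", ip_network("10.20.1.0/24"), ip_network("10.10.7.15/32"), "udp", 514),
]

def crosses_boundary(src, dst) -> bool:
    """True when the flow would have to traverse the IT/OT DMZ."""
    return (src in IT_VLAN and dst in OT_VLAN) or (src in OT_VLAN and dst in IT_VLAN)

def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return the firewall verdict for one flow; anything unmatched is denied."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    if not crosses_boundary(src, dst):
        return "not-boundary"            # intra-VLAN traffic is outside this policy
    for rule in ALLOW_RULES:
        if rule.matches(src, dst, proto, dport):
            return f"allow:{rule.name}"
    return "deny:default"

if __name__ == "__main__":
    # Pre-remediation, any IT endpoint could reach a PLC; the same constructed
    # workstation -> PLC flow (Modbus/TCP, port 502) is now denied by default.
    print(evaluate("10.10.33.7", "10.20.4.50", "tcp", 502))    # deny:default
    print(evaluate("10.10.5.10", "10.20.1.20", "tcp", 8443))   # allow:erp-to-mes
    print(evaluate("10.10.33.7", "10.20.1.20", "tcp", 8443))   # deny:default (wrong source)
```

Replaying known flows against the policy like this is a cheap way to confirm, before the carrier's follow-up review, that the finding from the assessment (unrestricted IT-to-OT reachability) can no longer reproduce.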
The outcome
The cyber insurance carrier conducted a follow-up security review 90 days after the remediation completion. The OT/IT convergence exclusion was removed from the policy. The carrier also reduced the annual premium by 11 percent, reflecting the improved security posture. Total value of the exclusion removal: the full $2.1 million in previously excluded coverage reinstated.
The operations director's comment at project close: "We knew the IT and OT networks had grown together over the years. We did not know how exposed that made us until someone looked at it as a security architecture question rather than a network operations question."
What manufacturers need to understand
If your manufacturing operation has converged IT and OT networks — which is the case for the majority of facilities that have implemented ERP integration, remote monitoring, or connected manufacturing initiatives in the past decade — and you have not conducted a security assessment of that converged environment, the findings above are likely familiar. The exposure is real, it is insurable, and it is addressable. Contact Sigma Technology Consulting at sigmatechconsult.com to discuss an OT/IT security assessment for your facilities.
Sigma Technology Consulting, Inc.


