When it comes to OT cybersecurity incidents, the stakes couldn’t be higher. A single misstep can bring entire production lines to a halt, cause irreparable damage to machinery, or ignite chaos between departments. We’ve seen it all first-hand—sometimes brought in too late, sometimes just in time. Here are three of the most shocking OT horror stories we’ve fixed for our customers (after others got it badly wrong).
Factory Machine Obliterated by “Top” Pentest Firm
One of our retail customers, heavily reliant on their factory production line, was left absolutely gobsmacked when their pentest provider confidently reassured them they “knew what they were doing and not to freak out” right before launching a loud, sweeping “pentest” across the entire factory network.
This so-called “little scan” triggered utter mayhem across the business. A critical piece of machinery went offline, not just temporarily, but completely unresponsive. It wouldn’t power back on, no matter what they tried. The customer was then forced to bring in the manufacturer’s support engineers on an emergency callout to revive the machine. That process took nearly 30 hours, leaving the machine offline the entire time and racking up a truly eye-watering financial hit.
Despite this chaos, worthy of a Jerry Springer episode, the pentest provider not only billed the customer for the test but also flatly refused to cover any of the support costs.
At the time, this customer had already worked with us on a few consultancy projects. After this expensive incident, they came straight back to us for help. We stepped in to firmly demonstrate how security assessments in industrial environments should be conducted. We then worked with the customer to develop a proper offensive security strategy that assessed the security of their industrial systems, validated their IT and OT configurations, and provided documentation to support their insurance claims.
IT Security Nearly Sparked a War Over Patching Outdated Production Machines
Like many in IT security, the team at one of our consultancy clients had been taught that patching is paramount to avoid OT cybersecurity incidents. From university lectures to training courses and everything found via ChatGPT or Google, patching always tops the list of “low-hanging fruit” for improving security. So they finally decided to tackle one glaring red flag: an ancient, clunky factory machine that hadn’t seen a patch in years.
The problem? That machine, while undeniably outdated, was well defended by the factory network architecture. Everyone knew it was old, but it rarely caused issues. And on the rare occasion it did, the in-house engineers knew exactly how to get it running again. It was critical to production, and taking it offline to patch would have caused such massive disruption and cost that leadership had simply ruled it out.
The long-term plan was to replace it one day with a shiny new model. But that would come with its own eye-watering price tag and inevitable downtime. For now, the business was operating on a strict zero downtime principle. Mistakes might happen, but overall, things were running smoothly. Realistically, the machine would be swapped out in about four years, once the new one was operational. And, if we are honest, most of the leadership team were hoping they would have sold the business by then, making it someone else’s problem.
From the leadership’s point of view, downtime caused by patching would be just as damaging as a ransomware attack. It was non-negotiable. Those responsible for hitting production targets were not about to risk their reputations just to help the IT security team clear a red box on their dashboard.
That is when the Head of Operations got in touch with us via word of mouth to perform an architectural review of the factory network and a configuration assessment of the boundary defences. We did just that. While there were a few easily mitigated issues, our report clearly showed that the old machine posed minimal risk in its current setup and was safe to be left alone for the time being.
We worked with the Head of Ops to counter the IT security team’s demands and cool tensions before they escalated into full-blown internal conflict. With our support, the business implemented a formal exemption for the machinery that was sensible, documented, and politically bulletproof.
"Mehhh, We Don’t Need to Secure the Factory"
While conducting a security maturity and risk assessment for an international manufacturing company, we came across one factory in India that had a history of recurring security issues.
Ahead of the site visit, our consultant decided to do a bit of detective work. On the call, he casually said, “When I come on site, I’d rather not faff around with passwords. I just want to connect my phone and laptop to the production network so I can get on with things quietly in the corner. Is that alright?”
Without hesitation, the factory’s technical manager, assuming he was just another business consultant, reassured him that the “no personal devices” rule wasn’t really followed and that everyone did it, so it would be no trouble at all.
On arrival, it didn’t take long to confirm the problem. Security controls had been stripped back in favour of convenience, making it easy for staff to connect their own devices without restriction.
We immediately conducted a rapid compromise assessment, identified ongoing threats, eradicated active risks, and implemented urgent mitigations. From there, we worked closely with the company to deliver training at the factory, deploy monitoring on perimeter devices, and establish proper standards across the entire manufacturing arm of the business.
Clear policies were developed, documented, and communicated in a way staff could actually understand and apply, not just buried in a PDF. What started as a weak link potentially leading to OT cybersecurity incidents became the catalyst for a much stronger and more consistent security posture across all factory locations.
If any of these OT cybersecurity incidents hit a little too close to home, you’re not alone—and you’re not without options. Whether you need to recover from a mess or prevent one in the first place, our team knows how to handle the complex, high-stakes world of industrial environments. Call us on +44 20 8133 0660 or fill out our contact form and we’ll help you get it sorted.