Oil and Gas Operators Overestimate Cyberattack Detection Capabilities
Event summary
- 87% of U.S. oil and gas OT decision-makers confident in 24-hour breach detection, but only 16% use continuous OT monitoring.
- 94% of operators have approved or are reviewing unplanned OT security funding post-Operation Epic Fury.
- 99% of operators report at least one cyber incident since February 28, 2026.
- 45% cite IT-OT culture gap as the biggest organizational barrier to progress.
The big picture
The oil and gas sector is responding with unprecedented urgency to heightened cyber threats post-Operation Epic Fury, with significant budget increases and a focus on detection capabilities. However, the reliance on IT tools with limited OT visibility and the IT-OT culture gap pose substantial risks to effective cybersecurity. The next 12 months will be critical in determining whether operators can bridge these gaps to prevent operational disruptions and financial losses.
What we're watching
- Detection Gap
- Whether oil and gas operators will close the detection gap with OT-native monitoring tools or continue relying on IT tools with limited OT visibility.
- Spending Priorities
- The pace at which operators will allocate budgets to continuous monitoring, anomaly detection, and OT-specific incident response capabilities.
- Regulatory Impact
- How federal agencies' advisories on Iranian-aligned cyber activity will influence operators' cybersecurity strategies and compliance measures.