The industrial cybersecurity workforce faces a structural problem that extends well beyond unfilled headcount: a pronounced shortage of professionals who can operate at the intersection of operational technology (OT), industrial control systems (ICS), and enterprise IT security. That gap is now translating into measurable operational failures across manufacturing and critical infrastructure.

Background

The scale of the broader cybersecurity workforce deficit provides important context. Approximately 4.8 million cybersecurity vacancies exist globally, and the workforce would need to grow by 87% to meet current demand. Within that aggregate shortage, the OT/ICS segment faces a compounding challenge: the skills required to secure industrial environments differ fundamentally from conventional IT security competencies.

For companies operating OT facilities, the talent challenge is notably more complex than in traditional IT security. While some assume technical expertise for OT environments resembles IT security requirements, the reality diverges sharply. OT skills center on protecting industrial control systems and related processes. Professionals must be conversant in industrial protocols, programmable logic controllers (PLCs), SCADA system architectures, and the safety-availability tradeoffs specific to process environments - a cross-domain competency profile that the existing labor pipeline produces in very limited numbers.

Manufacturing has been the most targeted industry for cyber incidents for five consecutive years, accounting for 27.7% of incidents across critical sectors, according to the IBM X-Force 2026 Threat Intelligence Index. Sixty percent of organizations experienced OT/ICS incidents in 2025, and 96% of those incidents originated from IT-level compromises, according to TXOne Networks and Frost & Sullivan research covering 200 C-level OT security decision-makers globally. This IT-to-OT attack pathway places particular pressure on defenders who must operate across both domains simultaneously.

Details

The most recent workforce data signals a shift in the nature of the problem. The SANS/GIAC 2026 Cybersecurity Workforce Research Report - for the first time in its three-year history - found that skills gaps decisively overtook headcount shortages as the top workforce challenge. When asked to choose between "not having the right staff" and "not enough staff," 60% of organizations identified skills gaps as the greater problem, a margin that widened sharply from just four points a year earlier.[1]

The hiring pipeline for experienced practitioners is particularly constrained. According to the SANS/GIAC 2026 report, 55% of senior cybersecurity roles take six months or longer to fill, and 38% of expert roles remain open for over a year. For critical infrastructure operators, these delays translate directly into prolonged risk exposure, particularly in energy, manufacturing, and utilities, where threat actors are increasingly active.

The SANS/GIAC 2026 report found that 27% of organizations reported experiencing breaches as a direct consequence of workforce skills gaps. Rob T. Lee, SANS chief of research, characterized the challenge in a media statement: "This is no longer a story about filling seats. Organizations have people. But those people are overwhelmed, under-resourced, and unable to develop the capabilities they need because they're too busy running today's operations."

For industrial operators specifically, even well-staffed teams operate with partial capability coverage, leaving OT, ICS, or process-level risks unaddressed. The SANS 2026 report finds that 68% of organizations experience moderate to extreme impact from regulations on hiring, while 95% report some level of regulatory influence - a sharp increase from 40% in 2025. Compliance mandates under frameworks including NIS2 and DORA are accelerating specialist hiring demand: the proportion of organizations needing new specialist roles jumped from 23% to 53% in a single year.

The burden falls disproportionately on smaller operators. A site may have only one or two people handling OT cybersecurity, and those individuals are frequently assigned the role without formal training. Well-funded sectors and larger corporations can compete for top cybersecurity talent, but smaller and under-resourced organizations often cannot - leaving critical gaps in expertise and defense with real-world consequences.

PwC's 2026 Global Digital Trust Insights identified OT and Industrial Internet of Things (IIoT) as pressure points in the current security landscape. Nearly half (47%) of leaders cited a lack of qualified personnel as their top challenge, and 39% pointed to unclear governance and ownership - exposing a deeper issue: many organizations still lack the structure and expertise to manage increasingly connected operational systems.

Organizations are responding through multiple channels. Many are exploring AI tools (53%), security automation tools (48%), cyber tool consolidation (47%), and upskilling or reskilling (47%) to manage capability gaps. Vendor-backed training programs and university co-op pipelines are gaining traction. Some companies are partnering with universities to create a steady stream of qualified candidates, while others pair junior employees with seasoned practitioners for on-the-job knowledge transfer.

Outlook

Regulatory pressure shows no sign of easing. Federal mandates that took effect in 2025 require utilities to implement continuous monitoring of critical systems, with each new compliance requirement creating an additional specialized staffing obligation. Standards bodies, including NIST and ISACA, are pressing organizations to adopt formalized workforce frameworks - such as the NICE Cybersecurity Workforce Framework - to define OT security roles and align hiring with both operational and regulatory expectations. Entry-level development and structured mentorships remain among the highest-return investments, particularly for organizations that need to sustain long-term capability rather than rely on external hiring alone.