The Human Cost of an OT Cyber Incident

Cyber incidents in operational environments are routinely framed in financial terms. Ransom demands. Recovery costs. Lost revenue per hour. These numbers are real and they matter, but they tell only a fraction of the story.

The full picture is human. It is measured in redundancies, delayed hospital treatments, communities losing faith in the organisations that keep their lights on and water running, and in the quiet anxiety of workers who don’t know whether their employer and by extension, their livelihood will recover.

When we talk about OT cyber risk, we need to talk about all of it.

In August 2025, Jaguar Land Rover suffered what became the most expensive cyber incident in UK history. Global production halted for five weeks. The £1.9 billion total cost drew headlines, and the Bank of England cited the attack as a contributing factor in slower UK GDP growth for that quarter.

But behind that figure were more than 5,000 supply chain businesses, component manufacturers, logistics providers, specialist subcontractors, many of them SMEs with no resilience plan of their own, waiting on one customer to come back online.

This is the multiplier effect of OT incidents. A single organisation going down doesn’t affect only itself. It sends shockwaves through every business, community, and family that depends on it.

"In most industries, a cyber incident is a technology problem. In industrial environments, it can become a safety emergency within hours."

In utilities, oil and gas, and healthcare, the stakes escalate quickly. OT systems don’t just run production lines, they regulate pressure in pipelines, manage dosing in water treatment, and keep critical hospital equipment functioning. When they fail, the window between ‘technology problem’ and ‘safety emergency’ can be measured in hours.

In April 2025, Masimo, a manufacturer of medical monitoring equipment, saw multiple factories running below capacity for weeks following an incident. The downstream question for their healthcare customers was uncomfortable: what happens to patient monitoring availability when your supplier’s production is compromised?

That same month, Nucor Steel, North America’s largest steel producer, was forced into a multi-site production halt. The ripple effects touched construction projects, infrastructure programmes, and the workers at sites that had no involvement in the incident whatsoever.

Shift workers, contractors, and agency staff rarely feature in post-incident analyses. They don’t appear in the incident reports sent to regulators, and their names aren’t in the press releases. But they feel the impact most acutely.

When a plant stops, hourly workers stop getting paid. When a utility is compromised, engineers and technicians face the pressure of manual operations with degraded systems and a public watching for failure. In communities where a single employer or utility is the economic anchor, an extended outage doesn’t just disrupt a balance sheet, it creates genuine hardship.

Technical recovery can be measured in days or weeks. Reputational recovery is harder to quantify and far slower to arrive. Public OT incidents, especially those affecting utilities, transport, or healthcare, create a lasting association between an organisation’s name and vulnerability, unreliability, or negligence.

Customers, regulators, and partners remember. Procurement teams add new security questions to their supplier questionnaires. Insurers reassess terms at renewal. The conversation about what went wrong and whether it could have been prevented often outlasts the incident itself by years.

The organisations that weather OT incidents best have something in common: they understood their risk before an attacker forced the conversation. They knew which systems, if compromised, would move from operational disruption to safety event. They had tested their response plans. They had mapped their dependencies.

That work isn’t glamorous. It doesn’t generate press releases. But it’s the difference between a manageable incident and one that makes headlines for the wrong reasons and leaves real people counting the cost long after the systems are back online.

If you’d like to understand where your OT environment sits today, our team is ready to help.