Cyber Risk, Operational Resilience, and Insurance Alignment — CyberFOX — January, 28, 2026
By Staff Reports - January, 28th, 2026
Mid-market industrial organizations — spanning manufacturing, energy distribution, utilities, and their associated supply chains — are undergoing a profound shift in how they think about cybersecurity and operational resilience. Once able to rely on physical separation and legacy processes to protect industrial control systems, these organizations now operate in a digitally connected environment where the line between IT and OT is increasingly blurred. Ransomware attacks targeting OT networks have surged dramatically, often arriving through weak points in IT infrastructure before pivoting into production systems. At the same time, cyber insurers — facing years of escalating claims — have recalibrated their underwriting requirements, pushing for higher levels of identity security, privileged access management, and continuous visibility.
In this environment, mid-market operators face unique constraints. They often lack the staffing depth of large enterprises but still bear the same operational, safety, and regulatory burdens. Managed service providers (MSPs) are stepping into that gap, serving not only as technical partners but also as translators of insurance requirements, advisors on risk exposure, and advocates for internal champions attempting to secure budget and executive support.
To explore these dynamics, BizTechReports spoke with Wes Spencer, Vice President of Cybersecurity Strategy at CyberFOX. In this extended, in-depth discussion, Spencer explains the cultural tension between IT and OT, the growing influence of insurance carriers, the foundational role of identity and privilege management, and the evolving responsibilities of MSPs in safeguarding industrial operations.
Here is what he had to say:
STRATEGIC ASSESSMENTS
Full Vidcast Interview w/ Wes Spencer, Vice President of Cybersecurity Strategy at CyberFOX
BTR: We’re seeing a significant increase in ransomware targeting OT environments. Why is the mid-market industrial sector feeling this pressure so acutely right now?
Wes Spencer: A few forces have collided all at once. First, the overall threat landscape has shifted dramatically. Ransomware groups have become more efficient, more automated, and more businesslike. They aren’t just looking for data anymore — they’re targeting operations that, if disrupted, can create immediate leverage. Industrial environments fit that description perfectly.
Second, when you look at the data, a massive percentage of OT breaches — something like 75 percent — begin on the IT side. Attackers aren’t breaching an industrial control system directly. They’re compromising an email account, a workstation, a remote desktop protocol, or even a misconfigured identity tool. Once inside, they move laterally until they reach an OT gateway. In the mid-market, the lines between these environments are far more porous than many assume.
Third, industrial infrastructure is old. Many SCADA and OT systems were never intended to be connected to modern IT networks, and they weren’t designed to withstand cyberthreats. When the core operational technology of an industry predates the modern internet, you’re starting from a position of disadvantage. This is happening at the same time insurers are raising the bar on underwriting standards. When carriers signal that the status quo is no longer acceptable, organizations are forced to pay attention.
BTR: You mentioned the cultural divide between IT and OT teams. How is that complicating strategic risk management?
Spencer: IT teams are accustomed to rapid change. They patch systems constantly, roll out updates frequently, adopt new tools, and embrace an iterative mindset built around modernization. OT teams, by contrast, operate with a safety-first philosophy. They manage processes that must remain stable and predictable, and even small changes can disrupt critical operations or introduce safety risks.
When IT and OT teams are pushed together to meet cybersecurity expectations — especially under the scrutiny of insurers and regulators — tensions naturally arise. OT personnel may view IT-driven changes as risks to uptime and safety, while IT professionals may see OT’s reluctance as an obstacle to implementing essential controls. Leadership must help bridge that divide by crafting strategies that respect the constraints and priorities of both groups while still meeting modern security requirements.
BTR: Are business leaders starting to appreciate that convergence?
Spencer: They’re realizing they don’t have much choice. When a ransomware incident can shut down production for days or weeks — or, worse, create public safety implications — the risk becomes very real. Leaders also respond quickly to economic signals. If premiums double or a carrier declines to renew, executives suddenly want to understand why. That’s when boards begin asking pointed questions about identity security, privilege management, and the presence of outdated accounts. Insurance economics is accelerating this convergence.
OPERATIONAL IMPERATIVES
BTR: Given staffing constraints, how are mid-market industrial operators supposed to meet these new requirements?
Spencer: They can’t do it alone. A mid-market operator might have one full-time IT professional, maybe two, and those individuals already carry responsibility for daily operations, uptime, networking, help desk support, cloud services, and vendor coordination. Expecting them to manage complex cybersecurity functions — from identity governance to continuous monitoring to incident response preparedness — is simply unrealistic.
That’s why MSPs are so important. They bring capabilities that internal staff can’t provide at scale, including identity inventory, privilege mapping, endpoint controls, and advisory services. MSPs are also helping organizations understand insurer requirements and how to demonstrate compliance. They’ve become indispensable partners for mid-market operators trying to close gaps without expanding headcount.
BTR: You’ve said identity is the new perimeter. What does that mean specifically for industrial operations?
Spencer: It reflects the fact that most breaches today start with compromised credentials rather than exotic vulnerabilities. Attackers prefer valid accounts because they allow quiet movement across a network. In industrial environments, identity issues are amplified by the presence of outdated accounts, shared credentials, default service identities, remote access pathways, and systems that lack modern authentication mechanisms.
To protect these environments, organizations must rethink how identity is managed. That means eliminating unnecessary accounts, restricting administrative rights, enforcing multifactor authentication, and ensuring that elevated privileges are granted only when needed and revoked immediately afterward. In essence, attackers cannot escalate their access if the access pathways they rely on simply no longer exist.
BTR: What does an initial privilege assessment typically reveal in a mid-market industrial organization?
Spencer: It almost always reveals conditions that surprise leadership. Organizations often discover dormant accounts untouched for years, credentials that were created for contractors who left the organization long ago, and service accounts with far more authority than required. It’s also common to see production systems where multiple users share the same credentials for convenience.
These findings form the basis of a remediation strategy. The process gives organizations visibility they’ve never had before. Once they see the true scope of their exposure, it becomes much easier to make the operational case for privilege cleanup and identity modernization. MSPs play a major role in interpreting these findings and guiding the organization through the transition.
BTR: Is AI beginning to alter the operational picture at all?
Spencer: Slowly, and mostly in IT. AI has immense potential to analyze patterns, detect anomalies, and identify actions that fall outside established baselines. But OT systems often lack the data streams or modern interfaces that AI relies on. Over time, we may see AI become a key safety mechanism — the layer that identifies unusual commands and halts them before damage occurs. But that vision requires a foundation of modernization that many organizations have yet to build.
FINANCIAL IMPLICATIONS
BTR: You compared cybersecurity investment to preventative healthcare. How should CFOs think about risk reduction in financial terms?
Spencer: CFOs want predictable outcomes. Cybersecurity rarely offers that in traditional ROI terms, but risk reduction can be quantified. If insurers say that failure to implement a specific control will triple premiums, that’s a clear financial outcome. If an hour of downtime costs tens of thousands of dollars, that’s another quantifiable risk. When CFOs see cybersecurity as a mechanism for avoiding predictable financial losses — whether through insurance pricing, business interruption, or regulatory impact — the spending conversation becomes much more rational.
BTR: Insurance carriers are clearly influential. How much do they shape investment decisions?
Spencer: Significantly. Insurers possess large datasets showing which controls reduce risk and which environments produce losses. They’re using that knowledge to require or strongly encourage controls such as privilege management, MFA, and continuous monitoring. Organizations that resist those controls see higher premiums or reduced coverage. In many cases, insurers are acting as the catalyst for modernization when internal priorities alone might not be enough.
BTR: Where do MSPs fit into the financial decision-making process?
Spencer: MSPs have become crucial intermediaries. They take technical requirements and translate them into financial implications. They help clients understand not only what needs to be done but why it matters for underwriting, compliance, and operational resilience. When an MSP can show that implementing specific controls will enable insurance eligibility or reduce premiums, CFOs are far more inclined to approve the investment. MSPs that understand this interplay between technology and insurance economics are positioned for long-term growth.
TECHNOLOGY DEVELOPMENT
BTR: What technologies do you see as foundational for mid-market industrial organizations moving forward?
Spencer: Organizations need a strong identity foundation before they can adopt more advanced defenses. This includes consolidated identity stores, modern authentication practices, well-controlled privileges, robust endpoint visibility, and clear segmentation between IT and OT systems. Logging and telemetry are also essential. These are prerequisites for any future AI-driven defense. You can’t apply automated intelligence to environments that lack the basic data needed for analysis.
BTR: What about the modernization of industrial systems themselves?
Spencer: Modernization is essential but complicated. Industrial systems can’t be replaced quickly or cheaply. Many organizations will continue operating legacy equipment for years or even decades. However, insurers are likely to incorporate system age and upgradeability into underwriting decisions over time. Organizations running modern systems will eventually see more favorable premiums, while outdated systems may carry higher financial risk. This economic signal will gradually accelerate modernization efforts.
BTR: How are MSPs preparing for the next phase of technology development?
Spencer: MSPs are focusing heavily on identity-first architectures and building deep knowledge of insurance expectations. They’re also selecting tools that can function effectively across multi-tenant environments, ensuring they can support many clients simultaneously. Additionally, forward-looking MSPs are building incident response playbooks, enhancing threat detection capabilities, and investing in resilience strategies that go beyond traditional cybersecurity. They recognize that resilience is the ultimate metric for success.
BizTechReports Conclusion:
The accelerating convergence of IT, OT, cybersecurity, and insurance economics is reshaping the risk landscape for mid-market industrial organizations. Rising OT-targeted ransomware, infrastructure limitations, and increasingly stringent underwriting requirements are forcing organizations to confront vulnerabilities that can no longer be deferred. As Wes Spencer emphasizes, identity and privilege management sit at the center of this evolution — not as optional enhancements but as foundational elements of operational continuity.
At the same time, MSPs have emerged as essential partners. They bring the expertise, scale, and insurance literacy required to raise security maturity in organizations that lack the staffing depth to manage this shift alone. For CFOs and business owners, the message is increasingly clear: cyber resilience is not merely a technical objective but a financial imperative tied directly to insurability, operational continuity, and long-term viability.
In a threat environment defined by speed, sophistication, and interconnected systems, resilience has become the defining metric of industrial success.
###
EDITOR’S NOTE: Click here to learn more about CyberFOX