PLC Security Alert: Why Unified Cyber Risk Governance Is Now Critical

Why it matters now: The industrial internet is expanding at breakneck speed — with more than 25 billion connected IoT devices projected globally by 2026 — yet the governance frameworks designed to protect factory-floor PLCs remain dangerously fragmented. A new GlobalData Industrial Internet report (2026 edition) delivers an unambiguous warning: manufacturers can no longer treat cybersecurity, operational safety, and business risk as separate silos. The convergence of IT and OT has made unified PLC security governance not just best practice, but an existential imperative.

Analyst Insight: The attack surface is expanding faster than the regulatory and governance response. In 2025, ICS vulnerabilities hit an all-time high — with 2,155 CVEs published across 508 advisories — yet only 22% received a formal CISA advisory, down from 58% in 2024. The gap between vulnerability discovery and institutional response is widening at precisely the moment industrial connectivity is accelerating.

The IIoT Explosion and the PLC Vulnerability Gap

Programmable Logic Controllers — the unglamorous workhorses of every modern assembly line — have become prime targets in today's threat landscape. Once isolated behind air-gapped networks, many PLCs are now internet-connected for remote monitoring, diagnostics, and predictive maintenance. This connectivity unlocks enormous operational value but simultaneously exposes critical machinery to threat actors who understand an uncomfortable truth: shutting down a production line inflicts far more financial damage than encrypting office files.

The numbers tell a stark story. The global industrial control system security market is projected to surge from $17.91 billion in 2026 to $38.48 billion by 2031, reflecting a 16.5% CAGR driven by escalating attack frequency. Meanwhile, the FBI's Internet Crime Report confirms more than 1,300 ransomware complaints targeting U.S. critical infrastructure sectors in a single year.

Market Trend: Manufacturing threat actors have shifted tactics decisively. Rather than pursuing data exfiltration — where victims might restore from backups — ransomware gangs now prioritize production-line disruption. A dead assembly line costs manufacturers an average of $260,000 per hour in downtime, creating coercive leverage that data-hostage scenarios cannot match.

Remote Access: The Hidden Threat Vector on Every Factory Floor

Remote access capabilities — widely deployed across modern PLC installations for vendor support, system integration, and real-time diagnostics — represent what GlobalData identifies as a primary threat vector. The convenience of remote PLC access often outruns the security controls surrounding it, leaving factory floors exposed to credential-stuffing, man-in-the-middle attacks, and unauthorized configuration changes.

In April 2026, U.S. federal agencies issued an urgent joint advisory confirming that Iranian-affiliated APT actors were actively targeting internet-exposed Allen-Bradley PLCs across critical infrastructure sectors. The attackers were not merely probing — they were maliciously interacting with project files and manipulating data displayed on HMI and SCADA interfaces, creating dangerous discrepancies between what operators saw and what machines were actually doing.

Key Threat Statistics: PLC & ICS Cyber Risk at a Glance
  • 2,155 ICS-related CVEs published in 2025 — an all-time record, up significantly year-over-year.
  • 508 ICS security advisories issued in 2025, the highest volume since tracking began.
  • 22% of ICS vulnerabilities received a CISA ICSA in 2025 — down from 58% in 2024, signaling growing institutional lag.
  • $38.48 billion projected ICS security market value by 2031 (from $17.91B in 2026), CAGR of 16.5%.
  • 1,300+ ransomware complaints against U.S. critical infrastructure reported to the FBI in 2024.
  • 25 billion+ connected IoT devices projected globally by 2026 — each a potential entry point to OT networks.

Inside GlobalData's 2026 Industrial Internet Report

The 2026 edition of GlobalData's flagship Industrial Internet report cuts through the noise with a clear central thesis: cyber governance architectures in manufacturing must evolve to bring cybersecurity, operational safety, and business risk together within a unified decision-making framework. Fragmented governance — where IT security teams manage network firewalls while plant engineers manage physical safety and the C-suite manages enterprise risk on a separate ledger — creates dangerous blind spots that sophisticated threat actors are increasingly exploiting.

The report emphasizes that internet-connected sensors and actuators — the very devices enabling Industry 4.0 efficiencies — are becoming "increasingly critical" as attack vectors. Every temperature sensor, pressure gauge, and flow meter connected to a PLC represents a potential pivot point for adversaries moving laterally through industrial control environments.

What does GlobalData mean by 'unified approach'?

A unified cyber risk approach, as articulated in the GlobalData report, means integrating three historically separate domains under a single governance structure: (1) Cybersecurity — network defense, access control, vulnerability management, and threat detection; (2) Operational Safety — ensuring that cyber incidents do not translate into physical harm, equipment damage, or environmental releases; and (3) Business Risk — quantifying cyber exposure in financial terms that enable executive decision-making aligned with enterprise risk appetite. The goal is to eliminate situations where a cybersecurity decision inadvertently increases operational risk, or where a business-continuity choice undermines security posture.

The Three Pillars of Unified Cyber Risk Governance

Drawing from the GlobalData framework and broader industry developments in 2026, three pillars emerge as essential for manufacturers seeking to unify their cyber risk approach across PLC-heavy environments.

Pillar One: Converged IT-OT Visibility

You cannot govern what you cannot see. Unified governance begins with network-level visibility that spans both corporate IT and operational technology environments. Traditional IT monitoring tools typically lack the protocol awareness — Modbus, EtherNet/IP, PROFINET — required to detect anomalous PLC behavior. Manufacturers must invest in OT-native detection platforms that understand industrial protocols while feeding into enterprise-wide risk dashboards.
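As an added illustration of the protocol awareness this pillar calls for (this is example code written for this page, not GlobalData's or any vendor's detection product), the following Python parses Modbus/TCP request frames and raises alerts for state-changing function codes sent from hosts outside an engineering-workstation allowlist, for malformed frames, and for unexpected function codes. The allowlist, IP addresses and sample frames are constructed for the example; the function-code meanings come from the public Modbus application protocol specification.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Modbus function codes, from the public Modbus application protocol spec.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   23: "Read/Write Multiple Registers"}

# Hypothetical allowlist: engineering workstations permitted to change PLC state.
ENGINEERING_HOSTS = {"10.10.1.5"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> Optional[ModbusRequest]:
    """Parse the 7-byte MBAP header and the PDU; return None for malformed frames."""
    if len(frame) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                  # protocol identifier is always 0 for Modbus
        return None
    if length != len(frame) - 6:    # length field counts unit id + PDU bytes
        return None
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def inspect(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert string for a suspicious request, or None for expected traffic."""
    req = parse_modbus_tcp(frame)
    if req is None:
        return f"MALFORMED Modbus/TCP frame from {src_ip}"
    fc = req.function_code
    if fc in WRITE_FUNCTIONS:
        if src_ip in ENGINEERING_HOSTS:
            return None
        detail = ""
        if fc in (5, 6) and len(req.data) >= 4:
            addr, value = struct.unpack(">HH", req.data[:4])
            detail = f" addr={addr} value={value}"
        return (f"ALERT unauthorized write {WRITE_FUNCTIONS[fc]} from {src_ip} "
                f"unit={req.unit_id}{detail}")
    if fc in READ_FUNCTIONS:
        return None
    if fc & 0x80:                   # exception responses carry fc | 0x80
        return f"INFO exception response fc={fc & 0x7F} seen from {src_ip}"
    return f"WARN unexpected function code {fc} from {src_ip}"


def analyze(flows: List[Tuple[str, bytes]]) -> List[str]:
    """Run inspect() over captured (source IP, frame) pairs and keep the findings."""
    return [a for src, frame in flows if (a := inspect(src, frame)) is not None]


# Constructed sample traffic: (source IP, raw Modbus/TCP frame).
SAMPLE_FLOWS = [
    ("10.10.2.20", bytes.fromhex("000100000006 01 03 0000 000A")),   # HMI reads 10 holding registers
    ("10.10.1.5", bytes.fromhex("000200000006 01 06 0010 00FF")),    # engineering workstation writes register 16
    ("203.0.113.7", bytes.fromhex("000300000006 01 06 0010 00FF")),  # same write from an unknown host
    ("10.10.2.20", bytes.fromhex("000400000099 01 03")),             # truncated frame, bad length field
]

if __name__ == "__main__":
    for line in analyze(SAMPLE_FLOWS):
        print(line)
```

Feeding the flows above through analyze() produces one ALERT (the write from 203.0.113.7) and one MALFORMED finding, while the HMI read and the allowlisted engineering write are silent. A generic IT tool inspecting only TCP/502 sessions sees all four as identical "Modbus traffic"; the function-code split is what makes a write from the wrong host visible.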

Pillar Two: Secure-by-Design Remote Access

Remote PLC access is not going away — it is essential to modern manufacturing competitiveness. The answer is not to eliminate remote connectivity but to architect it securely through zero-trust principles: multi-factor authentication, session recording, just-in-time access provisioning, and continuous monitoring. Every remote session to a PLC should be treated as potentially hostile until verified otherwise.
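To make the zero-trust principles above concrete, here is an added example (written for this page, not code from GlobalData or from any remote-access product) of a minimal just-in-time session broker: a token is granted only after MFA, is bound to one user and one PLC, expires after a short TTL, and every grant and verification decision is appended to an audit record. The signing key, PLC identifiers, users and TTL policy are assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import List, Optional

# Hypothetical broker signing key; a real deployment keeps this in a secrets store or HSM.
BROKER_KEY = b"constructed-demo-key-not-for-production"
MAX_TTL_SECONDS = 4 * 3600          # assumed policy: no remote PLC session longer than four hours

# Session record: every grant and verification decision is appended here for audit.
AUDIT_LOG: List[dict] = []


def _sign(body: bytes) -> str:
    return hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest()


def issue_session(user: str, plc_id: str, ttl_seconds: int,
                  mfa_verified: bool, now: float) -> Optional[str]:
    """Grant a just-in-time token bound to one user, one PLC and a short expiry.
    Returns None (and logs why) unless MFA completed and the TTL is within policy."""
    if not mfa_verified:
        AUDIT_LOG.append({"event": "grant-denied", "user": user, "plc": plc_id, "reason": "no-mfa"})
        return None
    if ttl_seconds <= 0 or ttl_seconds > MAX_TTL_SECONDS:
        AUDIT_LOG.append({"event": "grant-denied", "user": user, "plc": plc_id, "reason": "ttl-policy"})
        return None
    claims = {"sub": user, "plc": plc_id, "iat": int(now), "exp": int(now) + ttl_seconds}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    AUDIT_LOG.append({"event": "grant", **claims})
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)


def _check(token: str, plc_id: str, now: float) -> dict:
    """Treat the request as hostile until signature, target PLC and expiry all check out."""
    try:
        b64, sig = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64.encode())
    except (ValueError, binascii.Error):
        return {"allow": False, "reason": "malformed"}
    if not hmac.compare_digest(_sign(body), sig):
        return {"allow": False, "reason": "bad-signature"}
    claims = json.loads(body)
    if claims["plc"] != plc_id:
        return {"allow": False, "reason": "wrong-plc"}
    if now >= claims["exp"]:
        return {"allow": False, "reason": "expired"}
    return {"allow": True, "reason": "ok", "user": claims["sub"],
            "seconds_remaining": claims["exp"] - int(now)}


def verify_session(token: str, plc_id: str, now: float) -> dict:
    """Decide whether a remote session attempt against plc_id may proceed, and record it."""
    decision = _check(token, plc_id, now)
    AUDIT_LOG.append({"event": "verify", "plc": plc_id, **decision})
    return decision


if __name__ == "__main__":
    import time
    t0 = time.time()
    token = issue_session("eng1", "plc-line3", 900, mfa_verified=True, now=t0)
    print(verify_session(token, "plc-line3", t0 + 60))       # allowed, ~840 s remaining
    print(verify_session(token, "plc-line3", t0 + 1800))     # expired
    print(verify_session(token, "plc-line4", t0 + 60))       # wrong PLC
    for entry in AUDIT_LOG:
        print(entry)
```

The design point is that the PLC side never sees a standing credential: a vendor engineer gets a token for one controller for one short window, and the verification path rejects anything it cannot positively validate. Session recording of the actual commands sent would sit behind verify_session() in a real gateway; the audit list here records only the access decisions.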

Pillar Three: Cross-Functional Risk Quantification

Cybersecurity metrics that stop at "number of patched vulnerabilities" fail to equip business leaders for risk-based decision-making. Unified governance requires translating technical PLC security data into financial risk expressions — expected downtime costs, regulatory penalty exposure, and supply-chain contagion scenarios — that the board and C-suite can weigh against other enterprise risks using a common economic language.

Analyst Insight: The most sophisticated manufacturing organizations in 2026 are adopting the FAIR (Factor Analysis of Information Risk) model to quantify PLC-related cyber risk in dollar terms. This enables direct comparison between cybersecurity investment and other capital allocation decisions — transforming security from a cost center into a business-enablement function.
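The following is an added worked example of the risk quantification Pillar Three and the analyst insight describe: a simplified FAIR-style Monte Carlo simulation that turns a PLC ransomware scenario into an annualized loss expectancy and loss percentiles, then compares a control's annual cost against the loss reduction it buys. This is example code written for this page, not GlobalData's model or the FAIR Institute's tooling; the $260,000-per-hour downtime figure is the article's, while the event-frequency, outage-duration and secondary-loss estimates, the control cost and its effect on frequency are constructed inputs. It also simplifies FAIR: triangular distributions stand in for calibrated PERT estimates, and threat event frequency and vulnerability are collapsed into a single loss event frequency.

```python
import math
import random
from statistics import mean, quantiles

# Figure taken from the article: average cost of a dead assembly line.
DOWNTIME_COST_PER_HOUR = 260_000

# Constructed calibrated estimates as (minimum, most likely, maximum).
BASELINE_FREQ = (0.05, 0.20, 0.60)      # loss events per year (ransomware halts a line)
HOURS_DOWN = (4, 18, 72)                # hours of production lost per event
SECONDARY_LOSS = (0, 50_000, 500_000)   # penalties, contract damages, response costs per event


def _tri(rng, est):
    """Sample a (min, mode, max) estimate; note random.triangular takes (low, high, mode)."""
    lo, mode, hi = est
    return rng.triangular(lo, hi, mode)


def _poisson(rng, lam):
    """Knuth's Poisson sampler: number of loss events in one simulated year."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(freq=BASELINE_FREQ, trials=20_000, seed=7):
    """Simulate `trials` years; each year draws a loss event frequency, then a
    Poisson count of events, each costing downtime hours * cost/hour + secondary loss."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        lef = _tri(rng, freq)                 # loss event frequency for this year
        total = 0.0
        for _ in range(_poisson(rng, lef)):
            total += _tri(rng, HOURS_DOWN) * DOWNTIME_COST_PER_HOUR
            total += _tri(rng, SECONDARY_LOSS)
        losses.append(total)
    pct = quantiles(losses, n=100)
    return {
        "ale": mean(losses),                  # annualized loss expectancy
        "p50": pct[49],
        "p90": pct[89],
        "p95": pct[94],
        "worst": max(losses),
        "prob_any_loss": sum(1 for x in losses if x > 0) / trials,
    }


def compare_control(control_cost_per_year, freq_with_control, seed=7):
    """Net annual benefit of a control that lowers loss event frequency (e.g. removing
    internet-exposed PLC access): ALE reduction minus the control's yearly cost."""
    base = simulate_annual_loss(BASELINE_FREQ, seed=seed)
    mitigated = simulate_annual_loss(freq_with_control, seed=seed)
    reduction = base["ale"] - mitigated["ale"]
    return {"baseline_ale": base["ale"], "residual_ale": mitigated["ale"],
            "ale_reduction": reduction, "net_benefit": reduction - control_cost_per_year}


if __name__ == "__main__":
    r = simulate_annual_loss()
    print(f"ALE ${r['ale']:,.0f}  P50 ${r['p50']:,.0f}  P90 ${r['p90']:,.0f}  "
          f"P95 ${r['p95']:,.0f}  worst ${r['worst']:,.0f}  P(loss) {r['prob_any_loss']:.2f}")
    c = compare_control(400_000, (0.02, 0.08, 0.30))
    print(f"Control: baseline ${c['baseline_ale']:,.0f} -> residual ${c['residual_ale']:,.0f}, "
          f"net benefit ${c['net_benefit']:,.0f}/year")
```

With these inputs the expected annual loss lands around $2.3M, yet the median year is $0: most years nothing happens, and the tail (P90, P95, worst case) carries the exposure. That shape is the point of quantifying in dollars rather than counting patched CVEs: a board can compare a $400k/year control that cuts the ALE by roughly half against other capital decisions, and can see that "average" understates what a bad year looks like.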

What Manufacturing Leaders Must Do Now

GlobalData's report is not merely diagnostic — it carries an implicit call to action. For plant managers, CISOs, and manufacturing executives, the path forward demands concrete steps before the governance gap widens further.

First, audit every internet-facing PLC connection. Many organizations discover they have far more exposed devices than their asset inventories suggest. Second, establish a cross-functional cyber risk committee that includes engineering, IT security, legal, and executive leadership — meeting at least quarterly to review PLC threat intelligence and governance alignment. Third, pressure-test incident response plans against OT-specific scenarios where a PLC compromise causes physical consequences, not just data loss.

The industrial internet's trajectory is irreversible. The question GlobalData poses — and that every manufacturing leader must answer — is whether their governance model will evolve in lockstep with their connectivity footprint, or whether they will learn the answer through a production-halting breach.

FAQ: Common Questions About PLC Cyber Risk Governance

Q: Are older PLC models more vulnerable than newer ones?
Yes — legacy PLCs often lack firmware-level authentication, encrypted communication protocols, and secure boot capabilities. Many were designed before network connectivity was contemplated. However, even modern PLCs are vulnerable when default credentials remain unchanged or remote access is improperly configured.

Q: How does unified governance differ from traditional IT-OT convergence?
Traditional IT-OT convergence focuses on technology integration — connecting networks and sharing data. Unified governance goes further by merging decision-making authority, risk assessment methodologies, and accountability structures so that cybersecurity, safety, and business continuity are managed as a single discipline rather than negotiated across silos.

Q: What regulatory pressures are driving unified cyber risk governance?
In the U.S., CISA's evolving directives for critical infrastructure, alongside sector-specific regulations in energy (NERC CIP) and chemicals (CFATS), increasingly mandate integrated risk management approaches. In Europe, the NIS2 Directive and the Cyber Resilience Act impose unified reporting and governance obligations that span IT and OT domains.
