Industrial operators are facing mounting cybersecurity risks as limited in-house expertise and growing volumes of threat alerts strain their ability to respond effectively, according to findings cited in a recent industry report that names Honeywell among the leading providers of operational technology security services.

The assessment, published by Omdia in its 2025–26 Operational Technology Cybersecurity Services Report, reflects increasing pressure on organizations managing industrial systems such as manufacturing plants, refineries and building control environments. The report draws on a survey of 220 cybersecurity professionals and highlights a widening gap between threat exposure and organizational readiness.

According to the findings, only 36% of respondents consider their internal operational technology security teams to be “very prepared” to handle current risks. Respondents also identified alert fatigue and the challenge of filtering high volumes of security notifications as key operational constraints, raising concerns about the ability to detect early-stage cyber threats.

Omdia ranked Honeywell as a market leader in OT cybersecurity services based on customer evaluations of service quality and likelihood to recommend. The rankings were derived from feedback provided by organizations that have directly engaged with vendors, rather than from theoretical benchmarking.

Honeywell received top-tier scores across multiple performance categories, including managed security services for operational technology, breadth of solutions, strategic direction and innovation, as well as overall market momentum. The company also recorded strong performance in platform capabilities and execution, placing it among the highest-rated providers in the report.

The recognition comes amid growing convergence between information technology and operational technology systems, a shift that has expanded the attack surface for industrial enterprises. Cybersecurity strategies are increasingly required to address both IT and OT environments simultaneously, particularly in sectors where operational disruption can have safety and economic consequences.

Honeywell states that its cybersecurity portfolio is designed to operate across diverse industrial environments without disrupting ongoing operations. Its offerings include asset discovery, network monitoring and intrusion detection systems, alongside artificial intelligence-driven threat analysis and continuous monitoring frameworks.

The company also provides enterprise-level compliance visibility and mechanisms for controlling removable media such as USB devices, which are often identified as potential vectors for cyber intrusion.In addition to technology solutions, Honeywell offers more than 30 professional services tailored to operational technology security.

These include system assessments, penetration testing, network architecture design, remediation planning and workforce training programmes. Such services are intended to address both technical vulnerabilities and organizational preparedness, which analysts say are equally critical in managing cyber risk.

The report underscores the importance of regulatory alignment as cybersecurity requirements evolve across jurisdictions. Organizations operating in industrial sectors are increasingly required to comply with sector-specific regulations, particularly in critical infrastructure domains.

External service providers are often relied upon to interpret and implement these frameworks, especially where internal expertise is limited.Another factor highlighted in the report is the role of partnerships in bridging the gap between IT and OT functions. As industrial systems become more interconnected, cybersecurity responsibilities are no longer confined to isolated teams, requiring coordinated approaches across enterprise structures.

The findings reflect broader trends in the cybersecurity market, where demand for specialized services is rising alongside the complexity of threat landscapes. Industrial environments, traditionally considered isolated from external networks, are now more frequently targeted due to increased connectivity and digitalization.

Omdia’s evaluation suggests that vendors offering integrated solutions and domain-specific expertise are better positioned to meet these challenges. Honeywell’s ranking in the report is attributed to the scale of its service portfolio, its experience in industrial sectors and its ability to deploy solutions globally.

The report does not provide forward projections but indicates that current gaps in preparedness, combined with escalating cyber risks, are likely to sustain demand for managed security services in operational technology environments.

Richard Horne, who leads the NCSC, part of Britain’s GCHQ, is expected to warn in a speech at the CyberUK conference that the country is navigating “the most seismic geopolitical shift in modern history,” according to remarks released in advance.

Horne will say the agency is handling around four “nationally significant” cyber incidents each week. While criminal activity such as ransomware remains the most frequent threat, he will emphasize that the most severe risks originate from state-linked operations.

He is expected to caution that British businesses must prepare for large-scale cyberattacks in the event of a broader international conflict, noting that such incidents could disrupt operations in ways that cannot be mitigated through payments, unlike some ransomware attacks.

Western officials have increasingly linked cyber operations to wider geopolitical conflict following Russia’s full-scale invasion of Ukraine. According to data tracked by the Associated Press, more than 155 incidents including cyberattacks, sabotage and espionage have been attributed to Russia or its proxies since early 2022.

Authorities across Europe have reported similar threats. Governments in Sweden, Poland, Denmark and Norway have warned of cyberattacks targeting infrastructure such as power plants, dams and water systems, with several incidents attributed to actors linked to Russian intelligence services.

Horne will describe China’s cyber capabilities as highly sophisticated, while warning that Iran is likely using cyber tools to target individuals in the UK perceived as threats to its government.

He will also highlight what he calls “sustained Russian hybrid activity” extending beyond the battlefield into Europe.

The warning echoes remarks made in December by Blaise Metreweli, head of Britain’s Secret Intelligence Service, who said the global security environment is more contested than at any point in recent decades.

The Federal Office for the Protection of the Constitution (BfV) said the alert was issued in coordination with Germany’s foreign intelligence agency, the BND, and the U.S. Federal Bureau of Investigation.

The group, also known as “Fancy Bear,” has been attributed by Western governments to Russia’s military intelligence service, the GRU.According to the BfV, APT28 exploited weaknesses in TP-Link routers, affecting several thousand devices worldwide, including about 30 in Germany.

In some cases, authorities confirmed breaches, leading operators to replace compromised hardware.The agency said the campaign was aimed at facilitating surveillance of sensitive targets, including state institutions and key infrastructure networks.

APT28 has previously been linked to cyberattacks against Germany’s parliament, the Social Democratic Party and air traffic control systems, underscoring its long-standing role in espionage operations targeting European institutions.

German authorities urged heightened vigilance and coordination among operators to mitigate risks posed by the ongoing campaign.

Iran’s military renewed its warning on Sunday, saying it would target energy, information technology and desalination facilities linked to the United States and Israel if its own infrastructure continued to be hit.

The statement, issued by the Khatam Al-Anbiya operational command and carried by Fars news agency, followed a 48-hour ultimatum from U.S. President Donald Trump to reopen the Strait of Hormuz or face strikes on Iranian power plants.

The threats mark a rare escalation into water systems, which have historically been less frequent targets in warfare. However, recent incidents suggest a shift. Bahrain said an Iranian drone strike on March 8 damaged a desalination plant, though authorities reported no disruption to supply.

Iran, in turn, accused the United States of striking a desalination facility on Qeshm Island that supplies dozens of villages, calling it a dangerous precedent. Iranian Energy Minister Abbas Aliabadi said multiple water transmission and treatment facilities had been hit, damaging critical supply networks.

Analysts warn that targeting such infrastructure could significantly widen the conflict. Water economist Esther Crauser-Delbourg said earlier this month that attacks on water systems risk triggering “a war far more enormous” than the current confrontation.

The Middle East’s dependence on desalination heightens the stakes. According to World Bank data, water availability in the region is roughly one-tenth of the global average, making engineered water supply systems essential.

The region accounts for about 42% of global desalination capacity, with Gulf states relying heavily on the technology for drinking water. Desalinated water supplies around 42% of demand in the United Arab Emirates, 70% in Saudi Arabia, 86% in Oman and 90% in Kuwait, based on a 2022 report by the French Institute of International Relations.

Large urban centres such as Dubai and Riyadh depend on uninterrupted operation of these plants. A U.S. intelligence assessment cited in earlier diplomatic communications warned that disruption of desalination systems could have more severe consequences than the loss of any other major industry in the region.

Desalination plants face multiple risks in a conflict environment, including direct missile or drone strikes, power outages and contamination of intake water from oil spills.

Operators have moved to strengthen protection. Philippe Bourdeaux, a regional executive at French utility Veolia, said access controls around facilities had been reinforced and authorities in some countries had deployed missile defence systems near major plants.

Facilities are often interconnected, allowing some redistribution of supply if one site is damaged. Most also maintain reserves equivalent to two to seven days of consumption, providing a limited buffer against short-term disruptions.

Direct attacks on desalination infrastructure have been relatively rare. Iran-backed Houthi forces in Yemen have previously targeted such facilities in Saudi Arabia, while coalition strikes have hit water systems in Yemen. Israeli operations have also affected water infrastructure in Gaza, according to conflict monitoring data.

Broader targeting of water systems dates back to the 1991 Gulf War, but experts say the current scale of dependence on desalination makes the risks more acute.Prolonged outages could trigger severe consequences, including water rationing and population displacement from major cities.

Disruptions would also affect industries reliant on water, including tourism, manufacturing and data centres, amplifying the economic fallout of the conflict.