What industrial and health care breaches teach us about cyber resilience
What you’ll learn:
- Reactive approaches that act ONLY after patterns are detected are too slow and overwhelm security analysts with too much information.
- The longstanding security playbook, built around perimeter firewalls, static segmentation, and the assumption that OT systems are safely isolated, is no longer relevant.
- Attackers are exploiting implicit trust and weak segmentation.
Enterprises are spending billions on cybersecurity—and yet cyberattacks still succeed every week.
Current cybersecurity investments focus on preventing and detecting attacks, not on containing them at the point of origin. Attackers are purpose-driven and sophisticated, and they only need to succeed once; defenders need to be right every time.
Reactive approaches that act ONLY after patterns are detected are too slow and overwhelm security analysts with too much information. The problem is compounded because most of those alerts turn out to be false positives.
Even when 99.9% of attacks are blocked, the 0.1% that succeed can make the difference between confidence and chaos. Traditional security approaches ask, "How do we get to 99.95%?"
But that is the wrong problem. We should acknowledge that existing investments are not stopping attackers who are already inside from traveling seamlessly across an organization's digital estate to its crown jewels.
Cyberattacks on OT environments are very real. The headlines usually read: "We have had an unprecedented cyberattack and have shut down our operations to prevent damage."
From factory floors to hospital networks, threat actors are exploiting the increasingly blurred lines between IT and OT systems, slipping past traditional defenses and targeting the infrastructure that keeps industries running.
The longstanding security playbook, built around perimeter firewalls, static segmentation, and the assumption that OT systems are safely isolated, is no longer relevant.
Historically, OT systems were designed for safety, reliability, and availability. Defense of these systems remained a low priority until recent years, making them attractive targets for adversaries seeking to disrupt operations or move laterally across networks.
Once compromised, these systems can serve as launchpads for deeper infiltration, affecting production, safety, and even patient care.
With modernization and the advent of AI, these OT systems are now connected to enterprise IT, cloud platforms, and remote access tools.
This integration, while essential for efficiency and innovation, has dramatically expanded the attack surface, leaving industrial control systems (ICS), engineering consoles, and Internet of Medical Things (IoMT) devices exposed to threats once confined to IT domains.
Nowhere is this expanded attack surface more visible than in health care, where cyberattacks are surging. Data from the U.S. Department of Health and Human Services shows that major health care data breaches have doubled over the last four years, affecting more than 88 million people in 2023, a 60% rise compared to 2022.
In the first six months of 2024 alone, more than 40 million patient records were compromised, a 31% increase from the previous six months, according to Paubox. The average cost of a health care data breach in 2023 reached $10.93 million, up 53% since 2020.
These breaches share a common thread: Attackers are exploiting implicit trust and weak segmentation. Once inside, they move laterally across networks, accessing systems that were never designed to withstand modern threats.
Perimeter defenses may slow attackers down, but they cannot prevent compromise once the perimeter has been bypassed and the attacker holds internal access. Static segmentation often fails to account for dynamic interactions between users, devices, and applications, especially in environments where legacy systems and third-party platforms coexist.
To counter these threats, organizations must adopt breach-ready strategies that prioritize anticipating and containing breaches over prevention alone. This means designing networks on the assumption that they will be attacked, with granular boundaries and strictly enforced policies that limit movement between systems.
Zero-trust architecture plays a critical role in this shift. By eliminating implicit trust, zero trust requires continuous verification of every user, device, and application, regardless of location or role.
In OT environments, this means treating internal traffic with the same scrutiny as external connections. The assumption is no longer “if” a breach will happen but “when.”
This mindset prepares organizations to detect compromise early and maintain core operations under pressure.
As adoption of Industry 4.0 and Industry 5.0 increases, bridging the gap between IT and OT teams in a structured, breach-ready approach is critical. These domains have traditionally operated in silos, with different priorities, tools, and risk models.
But as cyber threats span both environments, collaboration is no longer optional. Security teams must work closely with operational stakeholders to understand how systems interact, identify vulnerabilities, and implement controls without disrupting uptime or safety.
Visibility is a foundational requirement. Organizations need to understand which assets exist in their environments, how they communicate, and which users or applications have access to them. This level of contextual awareness enables more effective policy enforcement and faster incident response. It also supports compliance with industry regulations.
Ultimately, the goal is not just to prevent breaches, but to survive them. Breach-ready resilience means designing microsegmented digital systems that can contain attacks where they occur, so that the rest of the digital systems remain "unaffected" by the breach.
This includes having clear incident response plans, segmented backups, and the ability to isolate compromised systems without taking down entire networks.
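To make the containment and visibility points concrete, here is an added example (not code from the author or from ColorTokens) of a default-deny microsegmentation policy evaluated against flow records. The asset inventory, segment and role names, ports, and the flow records are all constructed for illustration: declared flows such as an HMI polling its PLC are allowed, while an IT application reaching into an OT cell, an engineering workstation probing a historian over SMB, or a host missing from the inventory are denied, which is exactly the lateral movement the article describes.

```python
"""Default-deny microsegmentation policy checked against flow records.

Added example, not the author's or any vendor's code. Hostnames, segments,
roles, ports and the sample flows below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str    # source hostname
    dst: str    # destination hostname
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


# Constructed asset inventory: hostname -> (segment, role). In practice this is
# built from discovery and flow telemetry; visibility starts with this table.
INVENTORY: Dict[str, Tuple[str, str]] = {
    "erp-app-01":       ("it",       "erp"),
    "ehr-app-01":       ("it",       "ehr"),
    "eng-ws-07":        ("ot-eng",   "engineering-workstation"),
    "hmi-line2":        ("ot-cell2", "hmi"),
    "plc-line2":        ("ot-cell2", "plc"),
    "historian-01":     ("ot-dmz",   "historian"),
    "infusion-pump-12": ("iomt",     "infusion-pump"),
}

# Explicit allow-list keyed by (src role, dst role, proto, dport).
# Any flow not listed here is denied: that is the default-deny posture.
ALLOWED_FLOWS: Set[Tuple[str, str, str, int]] = {
    ("hmi", "plc", "tcp", 502),                      # HMI polls PLC (Modbus/TCP)
    ("engineering-workstation", "plc", "tcp", 502),  # engineering sessions to PLC
    ("historian", "plc", "tcp", 502),                # historian collects PLC data
    ("infusion-pump", "ehr", "tcp", 443),            # pump posts to EHR over TLS
}


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (decision, reason) for one flow under the default-deny policy."""
    if flow.src not in INVENTORY or flow.dst not in INVENTORY:
        # An unknown asset is a visibility gap; never let it talk by default.
        return "deny", "unknown asset (visibility gap)"
    src_seg, src_role = INVENTORY[flow.src]
    dst_seg, dst_role = INVENTORY[flow.dst]
    if (src_role, dst_role, flow.proto, flow.dport) in ALLOWED_FLOWS:
        return "allow", f"declared {src_role}->{dst_role} {flow.proto}/{flow.dport}"
    scope = "cross-segment" if src_seg != dst_seg else "intra-segment"
    return "deny", f"undeclared {scope} flow {src_seg}->{dst_seg} {flow.proto}/{flow.dport}"


def communication_map(flows: List[Flow]) -> Dict[str, Set[Tuple[str, str, int]]]:
    """Who talks to whom: the visibility baseline the policy is written against."""
    talks_to: Dict[str, Set[Tuple[str, str, int]]] = defaultdict(set)
    for f in flows:
        talks_to[f.src].add((f.dst, f.proto, f.dport))
    return dict(talks_to)


def lateral_movement_report(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Flows the segmentation boundary would have stopped, with the reason."""
    report = []
    for f in flows:
        decision, reason = evaluate(f)
        if decision == "deny":
            report.append((f, reason))
    return report


# Constructed flow records, as a collector might export them.
SAMPLE_FLOWS: List[Flow] = [
    Flow("hmi-line2", "plc-line2", "tcp", 502),           # normal operations
    Flow("eng-ws-07", "plc-line2", "tcp", 502),           # declared engineering access
    Flow("eng-ws-07", "historian-01", "tcp", 445),        # SMB probe: undeclared
    Flow("erp-app-01", "plc-line2", "tcp", 502),          # IT host reaching into OT
    Flow("infusion-pump-12", "ehr-app-01", "tcp", 443),   # declared IoMT flow
    Flow("rogue-laptop", "plc-line2", "tcp", 502),        # not in inventory
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        decision, reason = evaluate(f)
        print(f"{decision:5} {f.src} -> {f.dst} {f.proto}/{f.dport}: {reason}")
    print("denied:", len(lateral_movement_report(SAMPLE_FLOWS)))
```

The allow-list is keyed by role rather than by IP so that the same policy holds when a PLC is replaced or an HMI is re-addressed; the two things a practitioner should take from the output are that the IT-to-OT connection is denied even on a port the OT cell uses internally, and that a host absent from the inventory is denied before any rule is consulted.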
Breach-ready organizations can instead declare: "We had an unprecedented cyberattack. Because of our breach-ready stance, most of our digital systems remain unaffected, and we have engaged cyber experts to assess the damage and evict the attackers immediately."
Industrial and health care organizations are learning these lessons the hard way. As cyber threats evolve, so must the strategies used to defend against them. Containment, visibility, and continuous verification are no longer optional; they are essential pillars of modern cyber resilience.
About the Author

Agnidipta Sarkar
Agnidipta Sarkar is a cybersecurity “evangelist” who has been an auditor, a consultant, a practice leader, a risk officer, and a chief information security officer. He leads ColorTokens’ CISO Advisory Program, arming CISOs, CXOs, and boards of directors to build cyber defense and digital resilience and adopt zero trust. He is a contributing member of ISO, Cloud Security Alliance, NIST, ISA and BCI. He is leading a panel to publish the first digital resilience standard for the Bureau of Indian Standards. Before ColorTokens, he was the Group CISO at a major pharma organization.
