• Audience 1st
  • Posts
  • What Cybersecurity Leaders Must Learn from OT Practitioners in Underserved Critical Infrastructure

What Cybersecurity Leaders Must Learn from OT Practitioners in Underserved Critical Infrastructure

Despite being designated a critical infrastructure sector in 2020, the food and agriculture industry remains one of the most underserved domains in cybersecurity. Here's why and what you can do about it.

Author

Dani Woolf
18 Apr • Read Time: 5 minutes

Despite being designated a critical infrastructure sector in 2020, the food and agriculture industry remains one of the most underserved domains in cybersecurity.

The stakes are high:

Human health, food security, economic stability, and public trust all depend on the integrity of these systems.

Yet, most decision-makers fail to grasp just how fragile the underlying infrastructure is.

In this episode of Audience 1st Podcast, I sat down with Kristin Demoranville, CEO of Anzen Sage and Host of Bites and Bytes Podcast, and distill five urgent themes shaping the risk landscape, offering actionable steps that stakeholders must take to protect one of the most essential systems in our society:

The systems that feed us.

Let’s go.

Before we dive in, don’t forget to subscribe to join 1700+ cybersecurity marketers and sales pros mastering customer research. You’ll get notified whenever a new episode and buyer insights summary drops.

Security in Food Systems Is Reactive, Not Proactive

In the food sector, security doesn’t get funded or prioritized until something breaks.

Because the industry is heavily forecast-driven and budget-conscious, any security investment not tied to a visible, immediate threat tends to be dismissed.

Executives often lack background in operational technology (OT) or food production, making it harder to grasp the latent risks or advocate for controls.

As a result, even high-profile incidents like cyberattacks on grocery supply chains often pass without meaningful structural changes.

The delay between incident and response is not just a budget problem, it’s a mindset problem rooted in short-term thinking and a lack of contextual understanding.

OT Practitioners See the Whole System, But Are Left Out of Critical Conversations

Operational technology teams in food manufacturing environments often have unmatched visibility into day-to-day systems, yet they are excluded from conversations around safety, compliance, and business continuity.

Kristin points to incidents where OT teams observed physical or operational anomalies but never flagged them because they weren’t trained to see them as part of the food safety equation.

The organizational silos between food safety and cybersecurity persist, even as systems converge.

The result is predictable:

Threats that cross domain boundaries go undetected or unresolved until they escalate into full-blown crises.

Until OT voices are embedded in cross-functional response teams, this will remain a structural weakness.

The Root Problem Is Not Technology; It’s People and Culture

The most common failure point across food production cybersecurity is not a tool or technical control - it’s human behavior.

Kristin highlights the persistence of apathy, miscommunication, and cultural friction as the real barriers to change.

Many food safety professionals care deeply about their work but are overwhelmed or unsupported.

Meanwhile, security staff often lack awareness of how their own systems intersect with food production processes.

Insider threats, safety violations, and operational shortcuts are often the result of overworked teams functioning in environments where the cost of disruption is seen as higher than the risk of exposure.

Changing this dynamic requires more than technical training. It demands cultural change and leadership alignment.

Misinformation Is Becoming a New Threat Vector

Food is uniquely emotional.

It carries cultural, religious, and personal meaning.

That’s precisely why it has become a powerful target for misinformation and psychological manipulation.

Kristin warns that cyber threat actors increasingly use supply disruptions or contamination rumors to destabilize consumer trust.

These are strategic attacks on economic and societal stability.

Because most consumers don’t understand how food is produced, processed, or distributed, disinformation can spread rapidly.

The emotional response is often immediate and intense, while the underlying facts are slow to surface, if they surface at all.

Security leaders must begin treating information manipulation as part of their risk landscape, especially in sectors where public trust is critical.

The Food Sector Is Underserved and Bleeding Tribal Knowledge

Despite its criticality, the food and agriculture sector is drastically underserved when it comes to cybersecurity specialization.

Most OT practitioners in food manufacturing are generalists stretched thin, or external consultants with no long-term stake in the business.

Meanwhile, industry veterans with deep operational knowledge are aging out and their expertise is leaving with them.

Kristin argues that cybersecurity in food is not a plug-and-play skillset.

It requires niche knowledge, sector-specific regulation awareness, and a systems-thinking mindset.

The industry needs purpose-built training, career pipelines, and regulatory guidance that accounts for its unique challenges.

Without this, we will continue to see patchwork solutions and repeated failures.

Until next time,
Dani

Excited to collaborate? Let’s make it happen!

Check out our sponsorship details to connect with real security practitioners and showcase your brand to an engaged community of cybersecurity decision-makers giving and seeking real buyer insights.

Reply

or to participate.