Best Practices for Executive & Board Level OT Cybersecurity Reporting

Great energy yesterday at noon here in The Hague at the Honeywell Cybersecurity Leadership Summit. I had the honor and privilege to join a panel discussion on OT cybersecurity board reporting and governance, a topic that's quickly becoming central to how organizations manage operational risk. Reflecting on the session, a few clear themes emerged.
Boards Understand Cyber Risk, But Need Better Translation
Boards increasingly recognize cybersecurity as a strategic issue, but many still need help connecting technical risks to business impact. Clear, concise communication framed around operations, safety, and financial exposure is essential.
OT Connectivity Demands Collaboration
As OT environments become more connected, visibility and teamwork matter more than ever. The strongest cybersecurity programs are those where IT, OT, and engineering work together with shared inventories, aligned metrics, and unified reporting.
IT and OT Metrics Serve Different Purposes
IT tends to focus on confidentiality and response times, while OT prioritizes availability, safety, and process stability. Neither is right or wrong. They simply measure different forms of risk. Blending both perspectives gives leadership a more accurate view of enterprise exposure.
Justifying Investment Is About Framing the Impact
Cybersecurity isn’t a cost center; it’s a resilience enabler. When investments are tied to avoided downtime, regulatory confidence, and safety, leadership sees the value immediately.
One Message for Executives: Treat OT Cybersecurity as Business Resilience
The takeaway I emphasized on the panel: OT cybersecurity should be governed as a core business function. It protects the systems, people, and processes that keep the company running. And it's most effective when supported by clear governance and cross-functional alignment, with OT cybersecurity board reporting playing a crucial role.
