
IT/OT Convergence: Once Upon a Time There Was Segregation

There was a time when OT operated in a closed world: proprietary networks, vertical protocols, and machines engineered to run for decades without truly communicating with the outside world. Security was largely synonymous with isolation — a luxury that no longer exists.

Then pervasive connectivity arrived, driven by the Industrial IoT, edge data analytics, and artificial intelligence enabling real-time operational decisions. Today, the factory is software-defined, capable of adapting within hours to flexible, customized, and make-to-order production. Data? It is the critical asset that defines competitive advantage.

Two Cultures in Contrast: IT vs OT

IT/OT convergence is not merely technological integration; it is the collision of two digital paradigms. IT has matured capabilities such as patch management, network segmentation, multi-factor authentication, and centralized logging. OT, by contrast, prioritizes 24/7 availability, absolute stability, and determinism — not security by design.

The result is an expanded attack surface: PLCs, sensors, actuators, and SCADA systems become vulnerable vectors. In Italy, the manufacturing sector experienced an average of 1,694 cyberattacks per week in 2025, with 5,904 incidents managed out of 16,861 total — over one-third of the national total. Clusit confirms that the sector absorbs 15.7% of severe attacks, with Italy accounting for 25% of the global total due to the combination of legacy systems and connectivity.

NIS2: The Regulation Redefining IT/OT

The NIS2 Directive (mandatory in Italy since October 2024) represents a further game-changer: it extends resilience and 24-hour incident notification obligations beyond IT to OT and critical infrastructures. It requires cross-domain risk management, shared training, and supply chain collaboration — with penalties of up to 2% of global annual turnover.
For Italian factories, this means aligning OT with IT cybersecurity, transforming silos into integrated resilience.

Governance: The Bridge Between Silos

Often underestimated yet crucial is shared governance — even more so under NIS2 — which imposes extended accountability. IT, OT, and operations functions must collaborate to align risk and ROI.

Without it, every digitalization initiative generates operational value on one side and cyber debt on the other.

From Reactive Defense to Proactive Observability

An expanded attack surface means that a cyber incident is not merely a direct loss but impacts quality, production continuity, and physical safety.
Enabling predictive maintenance, vendor remote access, cloud integration, or AI-driven analytics is not simply a matter of extending IT rules to OT. Instead, it requires a cross-domain observability model capable of correlating events across different domains and interpreting risk in relation to the business value of the assets involved — namely visibility, detection, and context.

In environments where not everything is patchable, where replacing a legacy system may mean halting production, the ability to identify anomalous patterns and out-of-baseline behavior becomes essential. In this scenario, machine learning is not just an ally; it is a critical instrument for interpreting weak signals, anticipating issues, and reducing the time between compromise and response.

Another frequently underestimated element is governance. IT/OT convergence requires structured dialogue between functions that have historically operated in silos. Without a shared risk vision, every digitalization investment risks generating operational value on one side and security debt on the other.

The Smart Factory: Efficiency or Trap?

The smart factory promises flexibility and new revenue streams, but it scales automation and makes three things essential: redundant data availability, remote access protection, and infrastructure resilience. Continuity is no longer an IT KPI; it is corporate survival — especially under NIS2, which extends oversight across the supply chain.

The question is no longer “how much should we digitalize?” but rather, “how prepared are we to govern this complexity — and remain NIS2-compliant?”

IT/OT convergence is inevitable. Resilience? A design choice by Gyala — made before an incident makes it for you.