Full Report
Tosi’s independent survey of 100 OT decision-makers across U.S. upstream and midstream oil and gas operators shows a... The post Oil and gas operators ramp up OT security spending post-Epic Fury, but critical detection gap persists appeared first on Industrial Cyber.
Analysis Summary
# Industry News: Oil & Gas Sector Faces Critical OT Detection Gap Amid Spending Surge
## Summary
A new independent survey by Tosi reveals that while U.S. oil and gas operators are rapidly increasing budgets following "Operation Epic Fury," a dangerous "false sense of security" persists regarding breach detection. Despite 87% of operators claiming high confidence in their 24-hour detection capabilities, the majority admit to relying on ill-suited IT tools or manual observations by field technicians.
## Key Details
- **Date:** May 6, 2026
- **Companies Involved:** Tosi (Survey Sponsor), various U.S. upstream and midstream operators.
- **Category:** Market Analysis / Industrial Cybersecurity Trend Report.
## The Story
In the wake of "Operation Epic Fury"—a geopolitical cyber campaign involving the U.S., Israel, and Iran—U.S. oil and gas infrastructure has seen a dramatic shift in threat perception. Tosi’s survey of 100 OT decision-makers indicates that 94% of operators have already approved or are reviewing unplanned funding to counter these heightened risks.
However, the story highlights a paradox of confidence versus capability. While 87% of leaders believe they can detect an OT breach within a day, 51% are using IT-centric security tools that provide limited visibility into industrial protocols. Furthermore, 27% rely on "human-in-the-loop" detection (essentially waiting for a technician to notice mechanical anomalies), leaving only 16% of the industry using purpose-built continuous OT monitoring.
## Business Impact
### For the Companies Involved (Tosi)
- Tosi positions itself as a thought leader and a solution provider for "OT-native" monitoring and secure remote access, capitalizing on the identified 71% of operators prioritizing these areas.
### For Competitors
- Pure-play OT security vendors (e.g., Dragos, Nozomi, Claroty) have a massive market opportunity to displace legacy IT security tools that operators now admit are insufficient for OT traffic visibility.
### For Customers (Oil & Gas Operators)
- Operators face a "repricing" of cyber risk. With 99% reporting at least one cyber incident since early 2026, the cost of doing business now includes mandatory, high-capital investments in specialized cybersecurity to prevent production outages.
### For the Market
- The barrier to adoption has shifted from "lack of budget" (only 11%) to "cultural/expertise gaps" (45%). The market is no longer starved for cash but for specialized talent that can bridge the IT/OT divide.
## Technical Implications
The report emphasizes the failure of generic IT security stacks to parse OT-specific protocols. Technical debt is accruing where IT tools are being "forced" into industrial environments, leaving blind spots around Programmable Logic Controllers (PLCs) and other critical field assets recently targeted by Iranian-affiliated actors.
## Strategic Analysis
- **Market Positioning:** The industry is moving away from reactive "precautionary shutdowns" toward proactive "continuous monitoring."
- **Competitive Advantage:** Firms that successfully integrate OT-native detection will see higher uptime and lower insurance premiums compared to those relying on IT tools or manual observation.
- **Challenges:** The "IT/OT culture gap" remains the primary obstacle, suggesting that technology alone won't solve the problem without organizational restructuring.
## Industry Reactions
- **Sakari Suhonen (CEO, Tosi U.S.):** Describes the current detection gap as the "most consequential blind spot in U.S. energy infrastructure."
- **Regulatory Response:** Federal agencies (CISA, FBI, DOE) and state regulators like the Railroad Commission of Texas have issued urgent advisories, validating the severity of the threat landscape.
## Future Outlook
- **Spending Surge:** 25% of operators expect OT security budget increases of more than 20% over the next year.
- **Consolidation of Intent:** Expect a wave of procurement centered on three pillars: continuous monitoring, asset discovery, and OT-specific secure remote access.
- **What to watch for:** Whether this capital is spent on "more of the same" IT tools or if it flows toward specialized OT-native platforms.
## For Security Professionals
Practitioners in the energy sector should leverage this data to secure "unplanned" funding for OT-specific visibility tools. The report provides a clear mandate to pivot away from relying on IT SOC tools for industrial environments, as these are now publicly acknowledged by peers as insufficient for detecting sophisticated, state-sponsored lateral movement.