Analyst(s): Fernando Montenegro
Publication Date: January 22, 2026
The research presents that the market has moved beyond OT/IT convergence to “enforcement-led operations” where the air gap is effectively degraded. We identify a meaningful “disconnect between authority and operational reality” where IT owns the risk (50%), while operations technology leaders may retain a “Latency Veto” over any tool that threatens Overall Equipment Effectiveness (OEE).
Key Points:
- The Strategic Split: A structural governance fracture is forcing a binary market choice between “IT-centric consolidation” and “Embedded Safety” models as generalist platforms aggressively expand into industrial spaces.
- The Technical Friction: “IT/OT Security Integration” has surpassed asset visibility as the primary challenge, necessitating a pivot from “Single Pane of Glass” dashboards to deep API interoperability between disparate control planes.
- The Governance Reality: “Machine-Scale Governance” and the “External Vise” of sovereignty and insurance requirements are rendering manual governance obsolete, regardless of the vendor ecosystem.
Overview:
Futurum research surfaces that the “Integration Trap” is the primary friction point facing the industry. While organizations have solved the “what do I have?” visibility problem, they are failing at the “how do I manage it?” stage. The traditional Purdue Model is collapsing under the weight of the Extended Internet of Things (XIoT), creating a “visibility gap” where proprietary firmware cannot be patched without risking disruption. This technical debt creates a dangerous misalignment: IT teams enforce mandates, such as active scanning, that OT leaders reject via their “Latency Veto” to preserve OEE.
The report argues for a structural pivot toward “Physics-First” security architectures. Instead of building “walled gardens,” the market must prioritize “Deep API Interoperability” to bridge IT’s “detect” workflows with OT’s “prevent” protocols. This requires abandoning the “Single Pane of Glass” fallacy in favor of “Machine-Scale Governance,” utilizing, for example, Automated Certificate Lifecycle Management, Deep Packet Inspection (DPI), and other technologies to handle the challenge at scale. Engineering teams must validate “deterministic behavior” that blocks threats without causing physical shutdowns.
Governance is no longer an internal policy choice but a condition of market survival dictated by the “External Vise.” The EU Cyber Resilience Act (CRA) and strict Cyber Insurance Underwriting checklists now increasingly force organizations to validate controls against external standards. Leaders must immediately address the “Agentic AI” paradox and “Shadow AI” risks or face uninsurable liability in a market demanding “jurisdictional immunity.”
What to Watch:
- The “Latency Veto” Standoff: Monitor if IT teams can align security mandates with OEE metrics or if “Shadow Operations” entrench further.
- The “Quantum-Agility” Standard: Watch for “Harvest Now, Decrypt Later” threats driving PQC requirements in long-cycle infrastructure RFPs.
- The “Living SBOM” Transition: Observe the shift from static reporting to real-time VEX (Vulnerability Exploitability eXchange) transparency.
The full report is available via subscription to Futurum Intelligence’s Cybersecurity & Resilience IQ service—click here for inquiry and access.
Futurum clients can read more in the Futurum Intelligence Platform, and non-clients can learn more here: Cybersecurity & Resilience Practice.
About the Futurum Cybersecurity & Resilience Practice
The Futurum Cybersecurity & Resilience Practice provides actionable, objective insights for market leaders and their teams so they can respond to emerging opportunities and innovate. Public access to our coverage can be seen here. Follow news and updates from the Futurum Practice on LinkedIn and X. Visit the Futurum Newsroom for more information and insights.
Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used Google Gemini to summarize the original report. After using this service, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
