A new report from the SANS Institute, looking ahead to 2026, has issued a stark warning: the global cybersecurity skills shortage is escalating from a chronic challenge into a direct and measurable threat to national and economic security. The analysis specifically highlights Operational Technology (OT) and industrial control systems (ICS) that underpin critical infrastructure—such as energy grids, water treatment facilities, and manufacturing plants—as being at heightened risk due to this talent gap. As these traditionally isolated systems become increasingly connected to IT networks and the internet for efficiency, they create a larger attack surface. The report concludes that without a significant influx of trained professionals who understand both IT security and the unique safety and reliability requirements of OT environments, these vital sectors face a quantifiable increase in the likelihood of a major breach.
The skills crisis is multifaceted. The SANS report identifies a critical deficit not just in the number of security personnel, but in the quality and specialization of their skills. Defending OT/ICS environments requires a rare blend of expertise. Professionals must navigate legacy systems that often cannot be patched easily, understand physical process controls, and prioritize human safety and system uptime alongside confidentiality and integrity. This niche knowledge is in desperately short supply. Furthermore, the relentless pace of cyber threats, powered by adversarial AI and increasingly sophisticated ransomware gangs, outpaces the current rate of workforce development. Organizations are stuck in a reactive cycle, leaving little resource for proactive defense and resilience building.
The implications of this gap are severe and tangible. For critical infrastructure operators, a successful cyberattack transcends data theft; it can lead to physical disruption, environmental damage, and even loss of life. The report suggests that the skills shortage directly correlates to longer detection and response times, misconfigured security controls, and an over-reliance on outdated signature-based defenses. This creates a measurable breach risk, where adversaries have a higher probability of successfully infiltrating and impacting operations. The convergence of IT and OT, while beneficial for data analytics and operational efficiency, inadvertently exports IT-borne threats into these sensitive industrial domains without a corresponding export of the defensive expertise needed to mitigate them.
Addressing this crisis demands a paradigm shift in how the industry cultivates talent. The SANS 2026 report calls for urgent, collaborative action. Recommendations include the creation of accelerated, hands-on training pathways focused on OT security, greater investment in apprenticeship and simulation platforms, and incentives for professionals to cross-train from IT into the OT domain. It also emphasizes the need for organizations to better leverage existing staff through upskilling and to improve retention by clearly defining OT cybersecurity career progression. Ultimately, mitigating the risk to critical infrastructure will depend on whether industry, academia, and government can bridge this human gap before the escalating threat landscape exploits it.
