We place a great deal of trust in the digital systems and processes that underpin our daily lives, often without fully realizing how dependent we’ve become. Critical infrastructure, from energy grids to hospitals to financial networks, no longer operates in isolation. Every system, every connection, every user interaction carries the potential to ripple across an organization, or beyond, and consequently affect society at large.

Steven De Mot, Business Development Manager OT Security at Fortinet, sees that shift happening across industries. “Cybersecurity can no longer be an afterthought,” De Mot emphasizes. “It must be woven into the very architecture of systems, from design to daily operation. Awareness, not just technology, is essential. Today, security is everyone’s responsibility.”

When digital systems fail, the consequences extend far beyond technical disruption. An outage in a hospital can threaten patient care. A disruption in an energy network can halt production, paralyze transport, and shake public confidence. Even seemingly minor incidents can cascade into economic instability and social disruption. Trust, in that sense, is inseparable from control and accountability. That is why the principle of ‘security by design’ is becoming essential, security can no longer be something that is added afterward, but must be embedded from the earliest stages of how systems and technologies are built. If organizations cannot demonstrate that their systems remain secure and manageable under pressure, that trust erodes quickly.

“Cybersecurity can no longer be an afterthought, it must be woven into the very architecture of systems, from design to daily operation.” — Steven De Mot 

An expanding threat landscape

The cybersecurity landscape is becoming faster, more international, and more complex. Incidents rarely remain confined to a single organization or region. Instead, they increasingly affect entire ecosystems of partners, suppliers, and users. At the same time, geopolitical tensions, sanctions, and supply chain disruptions are introducing new layers of risk that extend beyond purely technical considerations.

Organizations are also becoming more dependent on external technology platforms and services. These dependencies are not at all inherently problematic, but they must be clearly understood and actively managed. In a crisis, it quickly becomes clear whether real operational control lies with the organization itself or whether it only exists on paper. Disaster recovery testing is a critical control to validate such dependencies before real incidents happen.

When cyber incidents become physical incidents

Another structural shift is the convergence of IT and OT environments. As digital and operational systems become more tightly integrated, cyber incidents can now translate directly into physical consequences. In sectors such as energy, transport, and industry, a cyberattack can disrupt or even halt critical processes, creating safety risks and operational downtime at the same time.

However, protecting these environments requires more than traditional IT security, De Mot adds. Organizations must design architectures that allow systems to continue functioning safely even in degraded or isolated conditions, for example, when networks or external services are temporarily unavailable. In this context, operational control becomes crucial. Leaders must understand who can access and manage systems, intervene remotely, and under which legal or technical conditions this is possible.

Integration, AI, and the fight for visibility

As digital environments grow more complex, fragmented security approaches become increasingly difficult to manage. Critical infrastructure today consists of a combination of IT systems, industrial networks, cloud platforms, and edge devices. When security is spread across disconnected tools and teams, visibility suffers and response times increase.

This is why Fortinet promotes an integrated Security Fabric approach, bringing security together across IT, OT, cloud, and edge. A unified architecture allows organizations to maintain consistent policies, comprehensive visibility, and centralized control over their entire digital environment. “Integration across all digital layers ensures that critical infrastructure continues to function safely, even if parts of the network go down or change,” De Mot explains.

Artificial intelligence is further reshaping the playing field on both sides. Attackers can use AI to automate reconnaissance, generate more convincing phishing campaigns, and exploit vulnerabilities at scale. Defenders, in turn, can leverage AI to process vast amounts of security data, detect anomalies more quickly, and respond to incidents with greater speed and precision. Yet technology alone is not the answer. Governance, processes, and operational oversight remain fundamental. As De Mot puts it: “The key question is always who retains control of critical systems when circumstances change.”

Digital sovereignty as a strategy for resilience

For leaders responsible for critical infrastructure, cybersecurity is increasingly becoming a question of strategic control and digital sovereignty. Organizations must be able to continue managing and securing their systems even when external conditions deteriorate. Whether due to geopolitical tensions, supply chain issues, or large-scale cyber incidents.

One practical indicator of this control is the management of encryption and data. When organizations retain ownership of their cryptographic keys, they maintain real authority over access and protection. When they rely entirely on third parties, sovereignty can quickly become theoretical.

At the same time, digital sovereignty does not mean isolation. Cyber threats operate across borders, and defending against them effectively requires global threat intelligence, information sharing, and close cooperation between public and private sectors. “Digital sovereignty is not an ideological concept,” De Mot concludes. “It is a practical strategy for resilience, accountability, and ultimately, for maintaining trust in the systems that we, as a society, depend on.”