Industrial digitalisation fails when IT teams treat operational technology like enterprise software. The convergence of IT and OT is not a technology challenge — it is a governance, programme management, and organisational design challenge that most digital transformation programmes are not built to handle.
When a manufacturing company, a rail operator, or an energy utility embarks on a digitalisation programme, it typically starts with an IT lens. The conversation is about cloud migration, data platforms, ERP modernisation, and digital interfaces. These are real and necessary components of industrial digitalisation. But they represent only half the problem — and often the easier half.
The other half is Operational Technology: the SCADA systems, distributed control systems, programmable logic controllers, and sensor networks that run physical operations. These systems were not designed for the digital age, do not speak the same protocols as enterprise IT, and operate under safety and availability requirements that enterprise IT governance was never built to manage. When an IT programme runs headlong into OT complexity without preparation, the results are predictable and expensive.
Enterprise IT systems are designed to be updated frequently, patched regularly, and replaced on three-to-five year cycles. Availability matters, but brief downtime windows are accepted as part of normal operation. Security is primarily about data — protecting confidentiality, integrity, and access control.
OT systems operate by entirely different rules. A factory automation system or a rail signalling platform may run unchanged for fifteen to twenty years, because updating it requires taking the physical process offline — a process that is expensive, operationally disruptive, and in safety-critical environments, subject to regulatory approval. Availability is not a target to be optimised; it is a hard constraint. And security in OT is not primarily about data — it is about functional safety. A compromised SCADA system does not leak records; it can stop a production line, derail a train, or interrupt power supply to a hospital.
When IT teams apply IT thinking to OT systems, they are not just technically wrong. They are creating safety risks, operational risks, and regulatory risks that no programme governance structure was designed to manage.
The result of this mismatch is not simply technical incompatibility. It is a programme-level collision between two worlds with different vocabularies, different risk models, different professional cultures, and different organisational chains of command. IT teams report to the CIO. OT teams report to operations, engineering, or in safety-critical industries, to the chief safety officer. These chains of command rarely converge below board level — which means IT/OT conflicts escalate slowly, through channels that are not designed for the pace of digital programme delivery.
Across the industrial digitalisation programmes we have worked with, IT/OT integration fails in four recurring ways:
Organisations that successfully navigate IT/OT convergence share a common structural approach. It is not dependent on the sophistication of their technology — it is about how they organise the programme.
The first structural element is a defined IT/OT interface at programme level. The programme structure includes an explicit workstream responsible for the IT/OT boundary — not managed by the IT programme team alone or the OT engineering team alone, but jointly owned, with clear decision rights and escalation paths. This workstream does not design the OT systems or the IT architecture. It manages the interface between them: shared protocols, connectivity requirements, security governance that spans both domains, and the coordination of testing and go-live sequencing across the boundary.
The second element is OT-specific security governance. Security requirements for OT systems are defined separately from IT security requirements, with input from OT engineering, the safety function, and where relevant, regulatory bodies. The programme has a named individual accountable for OT security governance — not the CISO, whose instincts and frameworks are calibrated for IT, but a role with specific OT security expertise who reports into the programme with direct access to the safety governance chain.
The third element is phased integration with OT-paced timelines. OT systems cannot be migrated or integrated at IT programme pace. Programmes that recognise this early plan for OT integration milestones that are realistic given OT change management requirements — including regulatory approval windows, planned maintenance shutdowns, and the longer testing cycles that safety-critical systems require. Programmes that do not recognise this end up with IT workstreams sitting idle waiting for OT dependencies that were never properly planned.
The most significant gap in most IT/OT convergence programmes is not technical. It is the absence of programme managers who understand both domains well enough to manage the interface effectively.
IT programme managers know how to run IT programmes. OT engineers know how to manage OT systems. What is consistently missing is people who understand the organisational dynamics, the governance requirements, and the risk models of both worlds — and who can facilitate productive working relationships between IT and OT teams that have often never been asked to collaborate before.
This is not a role that can be filled by a generalist programme manager who has read a briefing document on OT systems. It requires practitioners who have worked on both sides of the IT/OT boundary, who have navigated the organisational politics between IT and operations functions in large industrial organisations, and who understand what good looks like in this specific context. These people are rare. Finding them, or developing them within an organisation, is one of the most important programme capability decisions in industrial digitalisation.
Industrial digitalisation programmes that succeed do not start with technology. They start with a clear-eyed assessment of the IT/OT landscape — what OT systems exist, what their connectivity and data export capabilities are, what their update and maintenance cycles look like, and what the safety and regulatory constraints are on integrating them with IT systems. This assessment shapes everything that follows: the architecture, the integration approach, the security governance, the programme timeline, and the capability requirements.
The organisations that skip this step in the interest of speed consistently find themselves revisiting it later — at higher cost, under more pressure, and with less flexibility than they would have had at the outset. Industrial digitalisation is one of the most complex programme challenges in large organisations. The complexity does not go away by ignoring it. It compounds.
We bring programme management experience from both sides of the IT/OT boundary — from industrial digitalisation to cloud transformation in transport and manufacturing.
Talk to us