In this episode of Talk OT To Me, Jesper and Justin tackle one of the most challenging topics in industrial cybersecurity: incident response in Operational Technology (OT).

Having an incident response plan is one thing. Knowing how to execute it when production, safety, and business continuity are on the line is something entirely different.

The conversation explores why OT incidents can't be treated like IT incidents, how poor visibility and unclear ownership slow down decision-making, and why tabletop exercises often reveal critical gaps in preparedness. They also discuss real-world examples, the growing impact of AI-driven attacks, regulatory pressures such as NIS2 and the Cyber Resilience Act, and why collaboration between IT, OT, engineering, operations, and leadership is essential.

Key topics include:

• Why most incident response plans fail in practice
• The unique challenges of responding to cyber incidents in OT environments
• How visibility gaps create dangerous delays
• Lessons from real-world OT incident response scenarios
• The impact of AI on attack speed and defender readiness
• Compliance, liability, and regulatory requirements
• Why OT incident response is ultimately an engineering and business problem—not just a cybersecurity problem

If your organization believes it's prepared for an OT cyber incident, this episode will challenge you to ask a simple question: When was the last time you actually tested the plan?