When a major Canadian bank needed to advance the resilience of its operational and cybersecurity environments, it faced complex risks such as limited visibility across converged Information Technology (IT)/Operational Technology (OT) systems, evolving sector-specific threats and the potential exposure of critical infrastructure supporting core operations. Kroll delivered a multidisciplinary OT security program encompassing a tailored threat profile, a comprehensive OT risk assessment, simulated OT security testing using safe, non-disruptive methodologies and an incident response plan review. The engagement provided deeper insight into the bank’s OT security risk exposure, identified governance and visibility gaps, and established a clear, prioritized path toward strengthening resilience in an increasingly volatile threat landscape.
Overview
Industry
- Financial Services
Challenges
- Sector under increasing attack
- Highly regulated industry
- Complex, distributed operational systems with IT/OT convergence
- Limited visibility into OT assets and interdependencies
Kroll Services
- Tailored threat profile and report
- OT risk assessment and architecture review
- OT security testing (passive and non-disruptive methods)
- Incident response plan review
Impact
- In-depth OT security risk insight
- Customized incident response plan
- System vulnerabilities identified and addressed
- Enhanced security resilience
The Challenge
A major Canadian bank was looking to strengthen its operational resilience and cybersecurity maturity to keep pace with evolving threats affecting its industry. The bank’s OT environment primarily consisted of building automation and control systems that manage power, electrical distribution, cooling and backup power systems across data centers and critical facilities. Any disruption, misconfiguration or compromise could directly impact service availability, regulatory obligations and employee safety.
Building on a strong existing relationship, the bank engaged Kroll to deliver a tailored threat profile, an OT risk assessment and incident response plan review to drive a measurable uplift in OT security maturity. This engagement presented a number of challenges. In an operationally sensitive environment, careful collaboration was required to ensure business continuity was never compromised while observing tight timelines and change-freeze windows. As is common in OT environments, asset visibility was incomplete, legacy systems were deeply embedded, and traditional IT security controls did not always translate effectively into OT.
Kroll’s Solution
Kroll delivered a multifaceted global OT cybersecurity program built on the foundation of cross-collaboration between four distinct Cyber and Data Resilience capabilities. This holistic teamwork ensured that, as well as meeting the organization’s immediate security needs, Kroll aligned seamlessly with a clearly defined future vision of integrated OT security.
Kroll’s solution emphasized safe, non-disruptive assessment techniques, clear executive reporting and alignment between operational realities and regulatory expectations, combining the following key deliverables:
- Threat Profile Report (Cyber Threat Intelligence Capability)
  A comprehensive analysis of OT risks using both open and closed sources, identifying sector-specific and system-focused threats and recommending tailored controls.
- OT Risk Assessment and Architecture Review (Risk Advisory Capability)
  A structured assessment of the bank’s building management, power and environmental control systems. The review included stakeholder interviews, policy and governance evaluation and architectural analysis benchmarked against NIST OT security standards such as NIST 800-82.
- Passive Testing (Offensive Security Capability)
  To validate risk findings in a safe and controlled manner, Kroll conducted simulated OT security testing, where technically feasible, using passive and non-disruptive techniques across Canada, the U.S. and the UK. Activities included:
  - Passive network traffic analysis to identify exposed services and insecure communications
  - Controlled vulnerability assessments of non-OT assets connected to OT networks
  - Identification of misconfigurations and insecure remote access pathways
- Incident Response Plan and Testing (Digital Forensics and Incident Response Capability)
  Recognizing that incident response plans designed for IT environments often do not fully address OT-specific considerations, Kroll reviewed the bank’s global incident response framework and recommended improvements to account for operational safety, system uptime and cross-team escalation procedures.
Kroll’s Offensive Security Project Management Office (PMO) team also provided program management oversight, enabling seamless alignment across resources in multiple capabilities and regions, and ensuring that this complex and broad-ranging program was smoothly executed.
The Benefits
Actionable Insights into Critical OT Risks
Rather than simply delivering technical outputs, the engagement equipped the bank with a clear, evidence-based understanding of its OT risk landscape. Kroll’s analysis highlighted common and systemic vulnerabilities—such as insecure legacy communication protocols, weak authentication practices, third-party access risks and gaps in endpoint protection—that are frequently observed in operational environments and can undermine both safety and security if left unaddressed.
The program provided a structured, actionable roadmap to address identified risks and improve future security planning. This included targeted insights on where governance, segmentation, access controls and monitoring should be strengthened, enabling the bank to allocate resources effectively and make practical decisions on phasing improvements with minimal operational disruption.
Enhanced Governance and Visibility
A core outcome of the engagement was the establishment of improved governance clarity and asset visibility across the bank’s OT environment. By documenting where legacy systems lacked adequate controls, where network segmentation was incomplete and where logging and monitoring were insufficient, the bank had a robust foundation from which to prioritize remediation and long-term resilience building.
Strengthened Incident Preparedness
Kroll provided key recommendations that enhanced the bank’s incident response plan for OT-specific scenarios, improving its readiness to withstand attempted attacks. This ensured the bank avoided another common pitfall: incident response plans that focus on IT events and do not fully consider OT constraints, such as safety impact or asset recovery requirements.
Cross-Functional Collaboration and Executive Confidence
Kroll’s coordinated approach helped bridge the gap between operational teams such as the facilities management team, cybersecurity leadership and executive stakeholders. By translating technical findings into business risks, the engagement ensured that recommendations were defensible, measurable and aligned with regulatory and audit expectations, improving organizational confidence in OT risk management.

