Attendees will leave able to ask more informed, stronger questions of suppliers, read assurance claims with appropriate scepticism, and make more defensible decisions about OT risk in the real world. They will gain a better understanding of where control sits in OT environments, how supplier relationships and commercial structures shape security outcomes, and why many common assumptions and frameworks around ownership, responsibility, and governance collapse in practice.

The talk explores common myths around ownership: that asset owners control patching and change, that contracts offer meaningful protection, that assurance means security, and that responsibility aligns with authority. It examines how dependency, inertia, lifecycle constraints, vendor power, and incentives often dictate security posture far more than policy or wishful thinking, and offers practical ways to reframe discussions and challenge supplier narratives.