When an OT system goes down, the meter starts running at $125,000 per hour. But the invoice that follows is far larger than anyone expected.
Headlines love big numbers. "$4.88 million average breach cost." "$9.5 trillion in global cybercrime damages." These figures are staggering, but they obscure a far more painful truth for organizations with operational technology environments: the real cost of an OT breach is a compounding cascade that extends far beyond the initial incident.
In the industrial sector, the average data breach cost reached $5.56 million in 2024 — an 18% increase over the prior year and the highest cost increase of any industry surveyed. Nearly one in four industrial companies reports cyberattack damages exceeding $5 million. And ransomware attacks on industrial firms more than doubled between 2021 and 2023, with manufacturing accounting for 14% of all ransomware victims in 2025.
But these numbers only tell part of the story. The real cost of an OT breach unfolds across multiple dimensions that most organizations never fully account for.
The Downtime Multiplier
When a production line stops, the cost is not linear — it compounds. Unplanned downtime costs the world's 500 largest companies approximately $1.4 trillion annually, representing 11% of their total revenues. In automotive manufacturing, a single idle production line costs up to $2.3 million per hour. Across industrial sectors more broadly, the median hourly cost is approximately $125,000.
But a four-hour outage does not cost 4x a one-hour outage. As time stretches, secondary costs escalate: scrap accumulates from degraded work-in-progress, SLA breach thresholds are crossed triggering contract penalties, safety validation lengthens the restart sequence, and overtime labor spikes.
A facility that could recover in 30 minutes with the right systems in place may face 4-8 hours of manual rebuilding without them — turning a $125,000 incident into a $500,000+ event.
For industrial organizations, 70% of respondents in recent research reported that unplanned outages typically last between four and 24 hours. At the 8-hour mark, the base cost alone reaches approximately $1 million — before accounting for any secondary impacts.
The Hidden Cost Categories
The headline figure — production downtime — typically represents only about 17% of total breach-related expenses. The full cost breakdown reveals a far more complex picture:
| Cost Category | Share of Total |
|---|---|
| Incident response | 21.7% |
| Lost revenue | 19.4% |
| Unplanned downtime | 16.9% |
| Equipment repair and replacement | 16.8% |
| Ransom payments | 12.0% |
| Scrap and lost inventory | 11.9% |
- Incident response — Whether handled internally or by third-party specialists, the forensic investigation, containment, and eradication process is the single largest expense category.
- Lost revenue — Beyond immediate production loss, this includes cancelled orders, customer churn, and delayed market opportunities.
- Equipment repair and replacement — OT breaches can physically damage equipment through manipulated control parameters, degraded firmware, or forced shutdowns that bypass proper sequencing.
- Scrap and lost inventory — Work-in-progress that cannot be recovered, raw materials wasted during uncontrolled shutdowns, and finished goods that fail quality checks post-incident.
Then come the costs that never appear in the immediate incident report: regulatory fines under frameworks like NIS2 and NERC CIP (up to $1 million per day per violation), stock price impact, increased insurance premiums, and the long-tail reputational damage that drives customer attrition for years.
Why OT Recovery Is Fundamentally Different
IT recovery and OT recovery are different animals entirely. After an IT breach, you restore from backup, patch the vulnerability, and resume operations. After an OT breach, the recovery path is far more complex:
- Operators must first verify that physical systems are in a safe state — you cannot simply reboot a chemical reactor or a high-voltage switchgear.
- HMI and SCADA systems require individual reconfiguration, not just image restoration.
- Safety interlock verification must be completed before any process restart.
- Process variables need stabilization, which can take hours depending on thermal, chemical, or mechanical constraints.
- Quality validation ensures the first outputs after restart meet specifications.
- In regulated environments, regulatory sign-off may be required before production resumes.
Each manual step extends the Mean Time to Recovery (MTTR), and since total cost scales with duration plus escalating secondary costs, MTTR is the single most financially controllable variable in the entire equation.
What This Means for Security Investment Decisions
The economics of OT security become clear when you frame them correctly. If your facility faces a median downtime cost of $125,000 per hour and your current MTTR is 8 hours, a single incident costs roughly $1 million in direct losses alone — before secondary costs. Reducing MTTR from 8 hours to 2 hours doesn't cut costs by 75%; it cuts them by more than half because the escalating secondary costs that compound with time are also compressed.
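The escalation described above, as an added worked example that is not part of the original article. Only the $125,000 per hour base rate comes from the article; the scrap, SLA penalty and overtime parameters, and the `DowntimeModel` name, are assumed values for illustration and should be replaced with site-specific figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DowntimeModel:
    base_per_hour: float = 125_000.0     # median hourly cost quoted in the article
    # The parameters below are ASSUMED for illustration; replace with site data.
    scrap_per_hour: float = 10_000.0     # degraded work-in-progress
    scrap_starts_h: float = 1.0          # scrap begins accruing after this point
    sla_threshold_h: float = 4.0         # contract penalty triggers at this duration
    sla_penalty: float = 150_000.0
    overtime_per_hour: float = 8_000.0   # catch-up labor
    overtime_starts_h: float = 2.0

    def breakdown(self, hours: float) -> dict:
        """Cost components for an outage lasting `hours`."""
        if hours < 0:
            raise ValueError("outage duration cannot be negative")
        return {
            "base": self.base_per_hour * hours,
            "scrap": self.scrap_per_hour * max(0.0, hours - self.scrap_starts_h),
            "sla": self.sla_penalty if hours >= self.sla_threshold_h else 0.0,
            "overtime": self.overtime_per_hour * max(0.0, hours - self.overtime_starts_h),
        }

    def total_cost(self, hours: float) -> float:
        return sum(self.breakdown(hours).values())

    def mttr_saving(self, before_h: float, after_h: float) -> float:
        """Fraction of incident cost avoided by shortening recovery."""
        before = self.total_cost(before_h)
        if before == 0:
            return 0.0
        return (before - self.total_cost(after_h)) / before


if __name__ == "__main__":
    m = DowntimeModel()
    for h in (1, 2, 4, 8):
        parts = m.breakdown(h)
        secondary = sum(v for k, v in parts.items() if k != "base")
        print(f"{h:>2} h  total ${m.total_cost(h):>12,.0f}  secondary ${secondary:>10,.0f}")
    print(f"8 h -> 2 h saves {m.mttr_saving(8, 2):.1%} of incident cost")
```

With these assumed parameters, the secondary share of the total grows with outage length, so a four-hour outage costs more than four times a one-hour outage.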
Early detection is the highest-leverage investment because every minute of prevented downtime is $2,000+ saved. Catching anomalies before they become incidents compresses not just MTTR but the entire incident lifecycle.
Combined with collective intelligence that aggregates anonymized threat patterns across deployments, behavioral monitoring identifies attack patterns that no single-site solution could catch. The key: detecting threats at the earliest possible stage — before they propagate from IT into OT environments.
Five Questions Every CISO Should Answer Today
- What is your actual per-hour downtime cost? Not the industry average — your specific facility, with your specific production output, labor costs, and SLA obligations.
- What is your current MTTR for an OT incident? If the answer is "we don't know," that is your first gap to close.
- Can you detect IT-to-OT lateral movement in real time? Most breaches start in IT and propagate into OT. If you lack visibility at the boundary, you are blind to the most common attack path.
- Are your recovery procedures documented and tested? Manual recovery without rehearsed procedures is what turns a 2-hour outage into a 24-hour crisis.
- How does your security spend compare to a single incident? If one breach costs $1-5 million and your annual OT security budget is a fraction of that, the risk calculus is clear.
The real cost of an OT breach is not a number you read in a report. It is a cascade — one that starts at $125,000 per hour and compounds into millions through hidden costs, manual recovery, and secondary impacts. The organizations that survive this era are the ones that invest in visibility and early detection before the cascade begins.