Decoding the world of cybersecurity

Accenture makes $4.2bn OT cyber move

Accenture’s planned Dragos, runZero, and NetRise deals would combine OT detection, asset intelligence, and firmware visibility for critical infrastructure security.

Accenture makes .2bn OT cyber move
Summary
  • Accenture has agreed to acquire a majority stake in Dragos and all of runZero and NetRise at a combined enterprise value of about $4.175 billion.
  • The transaction would combine OT threat detection, exposure assessment, attack surface intelligence, and firmware-level software supply chain visibility.
  • The deal reflects rising demand for integrated assurance across IT, OT, IoT, suppliers, and device estates in critical infrastructure environments.

Accenture has moved to build a larger industrial cyber platform through deals involving Dragos, runZero, and NetRise, in a transaction that could reshape how critical infrastructure operators buy operational technology security capability.

The company said it has agreed to acquire a majority stake in Dragos and 100% of runZero and NetRise at a combined enterprise value of approximately $4.175 billion, subject to customary purchase price adjustments. The transactions are expected to close in August or September 2026, subject to closing conditions and required regulatory approvals.

Accenture said Dragos would continue to operate as an independent business under co-founder and chief executive Robert M. Lee, with runZero and NetRise operating under Dragos. The combined business would bring together Dragos’s OT threat detection platform, runZero’s exposure assessment and attack surface intelligence, and NetRise’s software supply chain dataset and firmware-level visibility into device exposure.

The company described the target environment as extended operational technology, or xOT: industrial control systems, Internet of Things devices, sensors, cloud-connected equipment, and related IT infrastructure controlling or supporting physical processes. That reflects where industrial cyber exposure has been moving. Plant networks, remote support, software updates, cloud analytics, maintenance suppliers, connected devices, and business systems increasingly sit inside the same operational risk picture.

The transaction points to a procurement shift in critical infrastructure security. Operators need visibility across assets, vulnerabilities, firmware, network behaviour, threat activity, and third-party dependencies. Those capabilities have often been bought in fragments, with OT detection, asset discovery, vulnerability management, supplier assurance, and consultancy work handled through separate tools and engagements. Accenture’s proposed structure indicates a market push toward integrated industrial cyber platforms backed by services and advisory capacity.

A combined platform could reduce gaps between asset knowledge, exposure management, and detection. It could also give operators a clearer view of what is present in complex industrial environments and which weaknesses create operational risk. In sectors such as energy, water, transport, manufacturing, telecoms, and healthcare, connecting device-level visibility to continuity decisions has become increasingly important.

The concentration of capability will need careful procurement scrutiny. As OT security becomes a larger market, more capability may sit inside a smaller group of major consultancies, platform vendors, and managed service providers. Buyers will need to understand what remains vendor-neutral, how data is handled, how tools integrate with existing architectures, and whether incident response independence is affected when advisory, platform, and managed services are bundled together.

For UK and European operators, the move lands against a tightening regulatory backdrop. NIS2, DORA, sector-specific resilience rules, and the UK’s cyber resilience agenda all push organisations toward better asset understanding, supplier oversight, incident readiness, and evidence-based risk decisions. Industrial environments complicate that work because downtime, safety, legacy systems, and vendor support constraints limit the kind of testing and rapid remediation that are normal in corporate IT.

Accenture said the three companies together were estimated to generate about $208 million in annual recurring revenue as of June 2026, with 53% year-on-year growth. That commercial momentum helps explain the valuation, while also showing how far OT security has moved into mainstream enterprise cyber procurement.

The transaction still requires approvals and successful integration. Until it closes, customers are dealing with a proposed market structure rather than a completed one. The direction is already visible: industrial cyber security is becoming a board-level procurement category tied to resilience, operational continuity, software supply chain visibility, and regulatory evidence.

×