An anonymous survey of 250 UK CISOs and OT security leads finds that the majority of essential and important entities have significant readiness gaps across OT-specific controls, supply chain risk management, and incident reporting capability. Two years after NIS2 came into force across the European Union, and with UK equivalents shaping domestic regulatory expectations, the majority of UK organisations classified as essential or important entities have not achieved adequate readiness across the