From my experience, there's a tremendous lack of decent network engineer in those companies (mechanical industry, family business, ...).
Devil advocate: people in charge of IT stuff there are project or support guys, almost never network engineers. Either they don't care about serious security or they simply have no clue on how they should do it. And when they outsource their IT security, they're so bad at choosing that the solution implemented is worst than doing nothing.
When I have the chance to chat with them about those subjects, the common position is almost always "we don't get why the machine manufacturer don't sells us a secured solution".
Devil advocate: people in charge of IT stuff there are project or support guys, almost never network engineers. Either they don't care about serious security or they simply have no clue on how they should do it. And when they outsource their IT security, they're so bad at choosing that the solution implemented is worst than doing nothing.
When I have the chance to chat with them about those subjects, the common position is almost always "we don't get why the machine manufacturer don't sells us a secured solution".