OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, has announced findings from the SANS Institute’s The State of ICS/OT Cybersecurity 2025 report sponsored by OPSWAT. It reveals that in the past year:
- 5% of organisations experienced a cyber incident affecting their industrial control system (ICS)/operational technology (OT).
- 9% of those incidents originated from ransomware attacks, and
- 3% resulted in operational downtime.
The survey, based on responses from more than 330 professionals across critical sectors, highlights both progress and persistent blind spots in areas such as asset visibility, secure remote access, and incident response readiness as these additional key results indicate:
- Half of ICS/OT incidents began with unauthorized external access, often through third-party remote maintenance.
- But only fewer than 15% of organizations have advanced remote access controls.
- 6% report full ICS Kill Chain visibility, leaving critical detection gaps at Purdue Levels 2–3.
- Just 14% of respondents felt fully prepared for emerging threats.
“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments,” said Jason Christopher, SANS Institute, author of the report. “Organisations must prioritize visibility and segmentation to mitigate these risks effectively.”
“Our earlier research with the SANS Institute showed that most organisations dedicate less than 25% of their security budgets to OT,” said Matt Wiseman, Director of Product Marketing at OPSWAT. “The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.”
