2025 State of Operational Technology and Cybersecurity

In 2025, 78% of organisations in the critical sector use four or fewer OT vendors for cybersecurity.

81% of organisations in the critical sector self-assess their OT cybersecurity maturity at Level 3 or 4 on a five-level scale (0–4).

Among critical sector organisations at Level 4 maturity, 65% reported zero intrusions in the past year.

In 2025, more than half (52%) of organisations in the critical sector report that the CISO or CSO is now directly responsible for OT security. This represents a dramatic rise from just 16% in 2022 regarding CISO/CSO responsibility for OT security.

80% of organisations in the critical sector that haven't done so already plan to consolidate OT cybersecurity under the CISO in the next 12 months.

Manufacturing accounted for 17% of all targeted attacks, more than any other sector, according to Fortinet’s 2025 Global Threat Landscape Report.

Only 5% of 2025 organisations in the critical sector stated that OT security is owned by the VP or lower, compared to 59% in 2022.

Over 95% of the surveyed organisations in the critical sector have elevated OT security to the C-suite level since 2022.

Only 46% of Level 0–2 critical sector organisations reported zero intrusions in the past year.

50% of critical sector organisations reported experiencing one or more cybersecurity incidents.