2025 ICS/OT Cybersecurity Budget Report

Less than half of organisations allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure

While 55% of organisations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.

Among the top vulnerabilities exploited in ICS/OT systems were internet-accessible devices (33%) and transient devices (27%).

More than 50% of organisations reported experiencing at least one ICS/OT security incident.

Only 27% of organisations place budgetary control under CISOs or CSOs, despite growing recognition of OT cybersecurity as a priority.

IT compromises are the most common entry point, responsible for 58% of ICS/OT incidents.