OPSWAT, a global leader in critical infrastructure protection, has released findings from the SANS Institute’s The State of ICS/OT Cybersecurity 2025 report sponsored by OPSWAT. It reveals that in the past year:
- 21.5 percent of organizations experienced a cyber incident affecting their industrial control system (ICS)/operational technology (OT).
- 37.9 percent of those incidents originated from ransomware attacks.
- 40.3 percent resulted in operational downtime.
The report highlights both progress and persistent blind spots in areas such as asset visibility, secure remote access and incident response readiness as these additional key results indicate:
- Half of ICS/OT incidents began with unauthorized external access, often through third-party remote maintenance.
- Fewer than 15 percent of organizations have advanced remote access controls.
- 12.6 percent report full ICS Kill Chain visibility, leaving critical detection gaps at Purdue Levels 2–3.
- Just 14 percent of respondents felt fully prepared for emerging threats.
“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments,” said Jason Christopher, SANS Institute author of the report. “Organizations must prioritize visibility and segmentation to mitigate these risks effectively.”
“Our earlier research with the SANS Institute showed that most organizations dedicate less than 25 percent of their security budgets to OT,” said Matt Wiseman, Director of Product Marketing at OPSWAT.
"The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.”
Download the report to access the full findings and learn how to build a resilient ICS/OT security posture.
