As industrial systems become more digitised and interconnected, a new global report by cybersecurity company Fortinet reveals a notable shift in how organisations approach Operational Technology (OT) security.
The 2025 State of Operational Technology and Cybersecurity Report highlights that OT security has moved from being primarily a technical issue to a board level concern, now increasingly driven by executive leadership.
According to the report, 52% of organisations have placed OT cybersecurity oversight under the Chief Information Security Officer (CISO) or another senior executive, a significant increase from 16% in 2022.
In addition, 95% of executive leaders are now actively involved in OT security governance, reflecting a growing recognition of OT systems as critical infrastructure vulnerable to cyber threats.
This development is especially visible in sectors such as manufacturing, logistics, energy, petrochemicals, healthcare and water utilities, where OT systems are essential to core operations. 80% of organisations in these industries plan to place OT security responsibilities under the CISO within the next year.
The objective is to align cybersecurity strategies across both IT and OT environments to support more coordinated risk management.
“The seventh instalment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organisations are taking OT security more seriously. We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organisations self-reporting increased rates of OT security maturity,”
said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet.
“Alongside these trends, we are seeing a decrease in the impact of intrusions in organisations that prioritise OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”
The report outlines a clear link between cybersecurity maturity and reduced disruption from cyber incidents. Currently, 26% of organisations report reaching Level 1 OT maturity, defined by enhanced network visibility and segmentation, up from 20% in the previous year.
Most organisations now operate at Level 2, which focuses on access control and asset profiling.
Organisations with higher OT security maturity show stronger resilience to threats such as phishing and more advanced techniques, including persistent attacks and OT-specific malware.
The number of revenue impacting operational outages has declined from 52% to 42%, indicating improvements in incident preparedness and response.
The implementation of cybersecurity best practices continues to positively influence outcomes. Strengthened cyber hygiene, increased employee awareness and improved training programmes have led to a reduction in business email compromise attacks.
The report also highlights a 49% rise in the use of threat intelligence platforms since 2024, signalling a broader shift towards proactive, data driven defence strategies supported by real time analytics.
Vendor consolidation is another indicator of growing cybersecurity maturity.
In 2025, 78% of organisations depend on one to four OT vendors, reducing complexity and improving efficiency.
Many have adopted integrated platform based security solutions that combine threat detection, policy enforcement and incident response.
Organisations using such platforms reported a 93% decrease in cyber incidents compared to flat network setups, along with a sevenfold increase in operational performance due to faster triage, configuration and resolution processes.
The report emphasises the need to incorporate OT into broader Security Operations (SecOps) strategies.
Key recommendations include achieving full visibility across OT networks, applying controls to safeguard vulnerable assets, implementing network segmentation aligned with international standards such as ISA IEC 62443 and using OT specific, AI driven threat intelligence for real time risk mitigation.
Integrating OT into overall incident response planning helps build stronger and more resilient security frameworks, improves cooperation between IT and OT teams and supports quicker and better informed decision making at the executive level.
According to the report, securing OT is no longer a choice but a vital part of ensuring business resilience in today’s evolving threat landscape.
Featured image credit: Fortinet
