OPSWAT has released new findings from the SANS Institute’s The State of ICS/OT Cybersecurity 2025 report, which it sponsored. The study reveals that industrial control system (ICS) and operational technology (OT) environments remain highly vulnerable to cyberattacks, particularly ransomware-driven incidents.
According to the survey, 21.5% of organizations experienced at least one ICS/OT cyber incident in the past year. Of these incidents:
- 37.9% originated from ransomware attacks
- 40.3% resulted in operational downtime, disrupting critical services and industrial operations
The research is based on responses from more than 330 cybersecurity and OT professionals across energy, manufacturing, utilities, transportation, and other critical infrastructure sectors.
Ransomware and Remote Access Remain Top ICS/OT Threat Vectors
The report highlights ongoing challenges in ICS/OT security posture, especially in environments where IT and OT systems are converging. Nearly 50% of ICS/OT incidents began with unauthorized external access, frequently linked to third-party remote maintenance connections.
Despite this risk, fewer than 15% of organizations reported having advanced secure remote access controls in place, exposing a major gap in OT cyber defense strategies.
Limited Visibility and Incident Readiness Expose Industrial Systems
The survey also uncovered significant blind spots in industrial cybersecurity monitoring and preparedness:
- Only 12.6% of organizations reported full ICS Kill Chain visibility
- Critical detection gaps persist at Purdue Model Levels 2–3
- Just 14% of respondents said they feel fully prepared for emerging ICS/OT cyber threats
These findings suggest that many organizations lack the real-time visibility needed to detect, respond to, and contain attacks before they impact safety or production.
“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged IT/OT environments. Organizations must prioritize visibility and segmentation to mitigate these risks effectively,” said Jason Christopher, author of the report at the SANS Institute.
OT Security Needs Smarter Investment, Not Just Bigger Budgets
OPSWAT emphasized that budget allocation alone is not enough to address growing OT cyber risks. Previous joint research by OPSWAT and SANS found that most organizations allocate less than 25% of their cybersecurity budgets to OT environments.
“Our earlier research showed limited OT security spending, but the new findings make it clear that increased spending alone is not the solution. Organizations must invest smarter—focusing on segmentation, secure remote access, and scanning inbound files and devices before they reach operational environments. OT security requires an integrated approach to close the gaps attackers continue to exploit,” said Matt Wiseman, Director of Product Marketing at OPSWAT.
Growing Urgency for ICS/OT Cybersecurity Modernization
As ransomware attacks and supply chain threats continue to target industrial and critical infrastructure systems, the report underscores the urgency for organizations to modernize their ICS/OT cybersecurity strategies. Strengthening asset visibility, enforcing zero-trust remote access, and deploying proactive threat prevention controls are emerging as top priorities for protecting safety, uptime, and national infrastructure resilience.
