Key Findings from the Fortinet 2025 Operational Technology Security Report

The IT/OT air gap is largely gone. Once isolated OT systems are now deeply interconnected with enterprise IT environments. And as these industrial systems continue to modernize, they have become increasingly vulnerable to threat actors. That reality has put OT cybersecurity squarely on the radar of executives, regulators, and adversaries alike.

Fortinet's 2025 State of Operational Technology and Cybersecurity Report provides a detailed examination of how organizations are addressing the increasing risks faced by today's OT networks. Based on a global survey of more than 550 OT professionals across manufacturing, energy, transportation, and other critical sectors, the report captures the current state of OT security, including the progress made, the pressure OT teams still face, and the priorities shaping the future of OT environments. This seventh installment of the report includes four years of trending data to identify emerging trends in OT cybersecurity.

Key findings show that while OT security maturity is improving, the complexity of threats-and the consequences of inaction-are escalating. And while organizations that invest in cybersecurity solutions, vendor consolidation, and best practices are seeing fewer intrusions and faster recovery, significant risks remain.

Here are the insights from this year's report that CISOs and OT leaders need to know.

OT Cybersecurity Responsibility Has Moved to the C-Suite

One of the clearest indicators of progress is the growing assignment of OT cybersecurity to executive leadership. In 2025, more than half (52%) of organizations say the CISO or CSO is now directly responsible for OT security. That's a dramatic rise from just 16% in 2022. The trend continues to accelerate: Only 5% of 2025 respondents said that OT security is owned by the VP or lower, compared to 59% in 2022. This means that over 95% of the organizations surveyed have elevated OT security to the C-suite level. And 80% of the remaining respondents plan to consolidate OT cybersecurity under the CISO in the next 12 months.

This consolidation is more than a reporting change. It reflects a broader understanding that industrial cybersecurity must be part of an integrated, enterprisewide strategy. With threats targeting both IT and OT systems simultaneously, separating their security models no longer works.

OT Maturity Is Growing and It Makes a Difference

This year's report shows that 81% of organizations now self-assess their OT cybersecurity maturity at Level 3 or 4 on a five-level scale (0-4), with Level 4 representing a state of ongoing improvement characterized by documented security guidelines, threat intelligence, and continuous feedback loops that improve security over time.

That maturity translates into tangible results. Among organizations at Level 4, 65% reported zero intrusions in the past year. In contrast, only 46% of Level 0-2 organizations reported the same. The data clearly shows that higher maturity correlates with reduced incident rates and better preparedness for complex, evolving threats.

Phishing, Ransomware, and OT-Specific Threats Continue

Although maturity is improving, OT systems remain attractive targets. According to these latest findings, 50% of organizations still reported experiencing one or more cybersecurity incidents. And attackers continue to use phishing, malware, and increasingly AI-powered tactics to exploit operational vulnerabilities.

Ransomware remains one of the most persistent threats. Both financially motivated cybercriminals and state-aligned actors are targeting the manufacturing sector in particular, as production delays can be quickly monetized. Fortinet's 2025 Global Threat Landscape Report found that manufacturing accounted for 17% of all targeted attacks, more than any other sector.

Consolidating Vendors Reduces Risk and Complexity

Security maturity is not just about processes; it's also about architecture. And more OT teams have reduced the number of vendors they rely on for cybersecurity. In 2025, 78% of organizations use four or fewer OT vendors, a clear signal of strategic consolidation.

This streamlining is delivering results. Organizations that adopt a platform-based security model report stronger visibility, faster triage, and significantly fewer incidents. Fortinet customers deploying unified security solutions across IT and OT environments reported a 93% reduction in cyber incidents and a 7x improvement in response time.

Visibility Is Improving, but Awareness of Blind Spots Is Rising Too

Interestingly, as organizations mature, their confidence in having 100% visibility across OT systems has decreased. This shift may reflect a more realistic understanding of asset inventory gaps and segmentation boundaries, which is a sign of progress. As visibility tools improve, organizations are more likely to identify the areas they previously overlooked.

This growing awareness is a critical step toward reducing risk. Blind spots can conceal legacy assets, unmanaged devices, or insecure configurations that create entry points for attackers. By deploying solutions that combine passive discovery, active scanning, and centralized asset intelligence, organizations can build a more complete picture of their OT environments. Fortinet's integrated approach helps bridge these gaps, enabling consistent visibility across dynamic and distributed industrial networks.

Best Practices Are Making a Real Impact

Organizations that adopt cybersecurity best practices are experiencing fewer incidents and less operational disruption. Some of the most effective strategies include:

• Segmenting OT networks to create defensible zones and reduce lateral movement
• Applying OT-specific threat intelligence to block malicious activity targeting industrial devices
• Using compensating controls and virtual patching to protect unpatched or non-upgradable OT devices and aging infrastructure
• Integrating OT into SecOps and incident response plans, ensuring alignment with enterprise security
• Consider a platform-based approach to consolidate vendors, streamline operations, and enhance coordination across security environments

Scheduled audits, better reporting to executive leadership, and advanced practices such as penetration testing are also becoming more common.

Progress Is Real, but There's More Work to Do

Intrusions are down, maturity is up, and OT is increasingly recognized as a core element of enterprise cybersecurity strategy. Organizations are taking meaningful steps toward segmentation, visibility, and policy enforcement. Yet the work is far from finished. Many OT environments still depend on aging infrastructure, with many industrial control systems (ICS) more than a decade old and often unable to receive direct patches or firmware updates. While modernization is underway across the sector, compensating controls and virtual patching remain crucial to protecting these legacy systems.

At the same time, threat actors are advancing. AI-powered attack techniques, the growing scale of Ransomware-as-a-Service, and rising geopolitical tensions are increasing both the volume and sophistication of attacks, especially those targeting OT. These trends underscore the importance of a proactive security strategy that integrates real-time threat intelligence, centralized security operations, and continuous monitoring. Fortinet's platform-based approach provides OT teams with the tools they need to stay ahead of emerging threats while managing complexity and maintaining operational continuity.

Download the Full OT Report

The 2025 State of Operational Technology and Cybersecurity Report offers a clear view into where industrial security stands and where it needs to go. For CISOs, plant managers, and security professionals, this year's report is a critical resource for benchmarking progress and planning the path forward.

Download the full report to explore the complete findings and best practices. And for more insights, be sure to attend our August 7 webinar, featuring a panel of experts who will discuss the report findings.