Fortinet releases 2025 state of operational technology and cybersecurity report

Fortinet, the global cybersecurity leader at the forefront of integrating networking and security, has released the findings of its 2025 State of Operational Technology and Cybersecurity Report. This latest report provides a detailed overview of the current landscape of operational technology (OT) cybersecurity, identifying key areas for improvement and offering actionable guidance for organisations aiming to strengthen their cyber defences in an increasingly complex and converging IT/OT threat environment.

In addition to presenting critical trends and challenges impacting OT-driven industries, the report highlights best practices to help IT and OT security teams better protect their cyber-physical systems. According to Nirav Shah, Senior Vice President of Products and Solutions at Fortinet, “The seventh edition of the Fortinet State of Operational Technology and Cybersecurity Report demonstrates that OT security is increasingly being taken seriously. We're seeing this reflected in the growing involvement of the C-suite in overseeing OT risk, and more organisations are reporting a higher level of OT security maturity. Notably, the organisations that prioritise OT security are seeing reduced impacts from cyber intrusions. It's clear that protecting critical OT systems requires commitment and investment at every level of leadership.”

Key findings from the report

A key finding from the report is the growing elevation of OT security responsibility within executive ranks. More than half (52%) of organisations now report that the Chief Information Security Officer (CISO) or Chief Security Officer (CSO) is responsible for OT security, a significant increase from just 16% in 2022. Across all C-suite roles, responsibility has surged to 95%. Furthermore, the proportion of organisations planning to transition OT security oversight to the CISO within the next 12 months has risen from 60% to 80%, signalling a decisive move toward centralised and strategic security governance.

The report also reveals that OT security maturity is improving year over year, with tangible benefits. At the foundational Level 1, which includes achieving visibility and network segmentation, 26% of organisations now report implementation, up from 20% in the previous year. The majority place themselves at Level 2, focused on access and profiling. Importantly, a clear link was identified between security maturity and reduced impact from cyber intrusions. Organisations at higher maturity levels (Levels 3–4) are experiencing fewer incidents or are better equipped to handle common threats such as phishing. In contrast, less mature organisations may remain vulnerable to more advanced techniques like OT-specific malware or advanced persistent threats (APTs), which often go undetected without sophisticated tools. Encouragingly, the overall impact of cyber incidents is decreasing. The number of organisations reporting operational disruptions that affected revenue fell from 52% to 42%.

Beyond security maturity, the adoption of cybersecurity best practices is driving positive results. Basic cyber hygiene, staff training, and the integration of threat intelligence have all contributed to measurable improvements. Business email compromise, in particular, has seen a significant drop. The use of threat intelligence has grown sharply, with 49% of organisations now incorporating it, up significantly since 2024. Another sign of growing maturity is vendor consolidation. The number of OT device vendors in use is decreasing, with 78% of organisations now working with between one and four vendors. This streamlining of operations is indicative of a broader trend toward efficiency and integration, which aligns with Fortinet customer experiences using the Fortinet OT Security Platform. Those leveraging Fortinet’s unified networking and security solutions at remote OT sites have reported a 93% reduction in cyber incidents, compared to flat networks. These organisations also achieved a sevenfold improvement in performance, driven by reduced triage times and simplified deployment.

Based on these insights, Fortinet recommends several best practices for strengthening OT security. First, organisations must establish full visibility of their OT environments and implement compensating controls to protect critical or vulnerable devices. This includes deploying protocol-aware policies, system interaction monitoring, and endpoint visibility to prevent potential breaches. Second, network segmentation is essential to reduce the attack surface and enforce strict boundaries between OT and IT networks. Adhering to standards such as ISA/IEC 62443 can help enforce strong policy controls at all access points. Third, OT systems must be integrated into broader security operations (SecOps) and incident response plans. Given the unique nature of OT environments, ranging from device types to the criticality of operations, OT-specific playbooks should be created to facilitate collaboration across IT, OT, and production teams. This ensures appropriate budgeting, prioritisation, and resourcing from leadership.

Fourth, organisations should consider adopting a platform-based approach to security. Many have assembled disparate tools from multiple vendors, resulting in overly complex architectures that hamper visibility and strain resources. A consolidated, platform-based solution can improve operational efficiency, support centralised management, and enable automated threat responses across both IT and OT systems. Finally, OT-specific threat intelligence and security services should be integrated into the overall security architecture. AI-powered threat detection, real-time analytics, and rich OT-focused data feeds are essential for timely protection against emerging threats.

The Fortinet 2025 State of Operational Technology and Cybersecurity Report is based on a global survey of more than 550 OT professionals, conducted by an independent research firm. Respondents represent a broad spectrum of regions including the United Kingdom, Australia, Canada, Brazil, Germany, India, Japan, South Africa, the United States, and many more. The industries surveyed are among the most OT-reliant, such as manufacturing, energy and utilities, oil and gas, transportation, healthcare and pharmaceuticals, chemicals, and water and wastewater. Most respondents are directly involved in OT operations and cybersecurity decision-making, with responsibilities that often span manufacturing and plant operations.

This year’s findings underline that while progress has been made, OT cybersecurity remains a dynamic and high-stakes challenge. Strategic leadership, mature practices, and integrated platforms will be essential in helping organisations secure their critical infrastructure in the face of ever-evolving threats.