OPSWAT, a global critical infrastructure protection cybersecurity solutions, has announced findings from the SANS Institute’s The State of ICS/OT Cybersecurity report, sponsored by OPSWAT.

The report revealed that in the past year:

• 21.5% of organizations experienced a cyber incident affecting their industrial control system (ICS) or operational technology (OT).
• 37.9% of these incidents originated from ransomware attacks.
• 40.3% resulted in operational downtime.

The survey, based on responses from over 330 professionals across critical sectors, highlighted both progress and ongoing blind spots in asset visibility, secure remote access, and incident response readiness. Key results also showed:

• Half of ICS/OT incidents began with unauthorized external access, often through third-party remote maintenance.
• Fewer than 15% of organizations have advanced remote access controls.
• Only 12.6% report full ICS Kill Chain visibility, leaving detection gaps at Purdue Levels 2–3.
• Just 14% of respondents felt fully prepared for emerging threats.

“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments,” said Jason Christopher, SANS Institute, author of the report. “Organizations must prioritize visibility and segmentation to mitigate these risks effectively.”

“Our earlier research with the SANS Institute showed that most organizations dedicate less than 25% of their security budgets to OT,” said Matt Wiseman, Director of Product Marketing at OPSWAT. “The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.”

Related post

View all