Survey Reveals One in Five Organizations Experienced Cyber Incidents in ICS/OT
in News
- A recent survey by OPSWAT indicates that over 20% of organizations have faced a cyber incident impacting their industrial control systems (ICS).
- Specifically, 21.5% reported an ICS or operational technology (OT) cyber event in the last year.
- The survey highlights significant visibility challenges in industrial settings.
A recent survey sponsored by OPSWAT has unveiled a concerning reality: more than one in five organizations reported experiencing a cyber incident affecting their industrial control systems or operational technology within the last twelve months. These findings are detailed in the State of ICS/OT Cybersecurity 2025 report by the SANS Institute, which compiled responses from over 330 professionals across critical infrastructure sectors.
The survey revealed that 21.5% of organizations faced an ICS or OT cyber incident within the past year. Notably, a significant portion of these incidents—37.9%—stemmed from ransomware attacks, and operational downtime was the consequence for 40.3% of those affected. These statistics underscore the urgent need for enhanced cybersecurity measures in industrial settings.
Challenges in Cybersecurity Management
The report highlights ongoing vulnerabilities in how organizations safeguard their operational environments. Alarmingly, half of the reported incidents began due to unauthorized external access, frequently attributed to third-party remote maintenance efforts. However, fewer than 15% of organizations confirm having advanced remote access controls in place, highlighting a significant gap in security practices.
Limited Visibility and Preparedness
The survey also identified a troubling lack of visibility across industrial environments. Only 12.6% of participants reported having complete visibility of the ICS kill chain, which points to considerable detection gaps at Purdue Levels 2 and 3. Moreover, just 14% of respondents felt adequately prepared to tackle emerging cyber threats. This lack of preparedness is a crucial concern, especially in an era where cyber threats are becoming increasingly sophisticated.
The Insights from Industry Players
The survey, drawing on the views of over 330 professionals from critical sectors, reveals both progress and persistent weaknesses in areas such as asset visibility and incident response readiness. Jason Christopher from the SANS Institute noted that the findings reflect mixed progress. He said, “While advancements are being made, the industry still confronts substantial challenges in securing converged environments. Organizations need to focus on improving visibility and segmentation to effectively mitigate these risks.”
Financial Commitment to Cybersecurity
OPSWAT’s analysis indicates that operational technology security remains significantly underfunded. Matt Wiseman, Director of Product Marketing at OPSWAT, emphasized the need for organizations to shift their focus from blanket spending to strategic investments in effective controls. Wiseman stated, “Our earlier findings with the SANS Institute revealed that most organizations devote less than 25% of their security budgets to OT. This new data clearly shows that simply increasing expenditure isn’t sufficient. Organizations must prioritize smarter investments in essential controls—such as segmentation, secure remote access, and thorough scanning of inbound files and devices—to protect their critical operations effectively.”
Despite a growing awareness of the risks associated with ICS and OT environments, the report signifies that many organizations still lack the vital controls and visibility needed to maintain operational continuity and protect their essential functions. The challenges highlighted in this survey serve as a reminder of the importance of robust cybersecurity measures in today’s interconnected industrial landscape.
