30 Dec Survey finds one in five organisations hit by ICS/OT cyber incident
Posted at 04:29h in News by BrittJones
- A new survey sponsored by OPSWAT has found that more than one in five organisations experienced a cyber incident affecting their industrial control systems
- 21.5 per cent of organisations reported an ICS or OT cyber incident during the past 12 months
- The survey also found limited visibility across industrial environments
A new survey sponsored by OPSWAT has found that more than one in five organisations experienced a cyber incident affecting their industrial control systems or operational technology in the past year.
The findings are published in The State of ICS/OT Cybersecurity 2025 report by the SANS Institute, based on responses from more than 330 professionals working across critical infrastructure sectors.
According to the survey, 21.5 per cent of organisations reported an ICS or OT cyber incident during the past 12 months. Of those incidents, 37.9 per cent originated from ransomware attacks, while 40.3 per cent resulted in operational downtime.
The report points to ongoing weaknesses in how organisations manage and protect operational environments. Half of the reported incidents began with unauthorised external access, often linked to third-party remote maintenance. However, fewer than 15 per cent of organisations said they have advanced remote access controls in place.
The survey also found limited visibility across industrial environments. Only 12.6 per cent of respondents reported full visibility of the ICS kill chain. This leaves detection gaps at Purdue Levels 2 and 3.
In addition, just 14 per cent of respondents said they felt fully prepared to deal with emerging cyber threats.
The survey, based on responses from more than 330 professionals across critical sectors, highlights both progress and persistent blind spots in areas such as asset visibility, secure remote access, and incident response readiness, as these additional key results indicate:
It found that:
- Half of ICS/OT incidents began with unauthorised external access, often through third-party remote maintenance.
- But fewer than 15 per cent of organisations have advanced remote access controls.
- 12.6 per cent report full ICS Kill Chain visibility, leaving critical detection gaps at Purdue Levels 2–3.
- Just 14 per cent of respondents felt fully prepared for emerging threats.
Jason Christopher, author of the report at the SANS Institute, said the findings show mixed progress.
“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments,” said Christopher. “Organisations must prioritise visibility and segmentation to mitigate these risks effectively.”
OPSWAT said the results align with earlier research showing that operational technology security remains underfunded. Matt Wiseman, Director of Product Marketing at OPSWAT, said the focus needs to shift from overall spending to targeted controls.
“Our earlier research with the SANS Institute showed that most organisations dedicate less than 25% of their security budgets to OT,” said Wiseman. “The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.”
The report reveals that, despite increasing awareness of ICS and OT risks, many organisations still lack the necessary controls and visibility to mitigate disruptions and protect their critical operations.