Healthcare organizations have 35% of their devices classified as extended IoT.

44% of organizations surveyed believe that types of threats that can impact OT must be understood better to properly secure OT.

41% of organizations surveyed believe that different security priorities for OT vs. IT must be understood better to properly secure OT.

43% of organizations surveyed believe that risk assessment for OT systems must be understood better to properly secure OT.

33% of organizations surveyed believe that incorporating OT into network maps/architecture must be understood better to properly secure OT.

37% of firms believe OT cybersecurity has been overlooked.

34% of firms believe there is insufficient OT budget.

45% of firms believe existing IT workers need OT training.

38% of organizations surveyed believe that implementing access control, including remote access, must be understood better to properly secure OT.

36% of organizations surveyed believe that networking protocols used by OT systems must be understood better to properly secure OT.

38% of organizations surveyed believe that total costs of digitizing physical infrastructure must be understood better to properly secure OT.

87% of leaders at industrial organizations believe it is very or extremely important to integrate OT cybersecurity tools with industrial code management tools.

87% of leaders at industrial organizations believe it is very or extremely important to integrate OT cybersecurity tools with industrial code management tools.

The TrickBot malware family has extorted more than US$724 million in cryptocurrency from victims since 2016.

Only 5% of 2025 organisations in the critical sector stated that OT security is owned by the VP or lower, compared to 59% in 2022.

Manufacturing accounted for 17% of all targeted attacks, more than any other sector, according to Fortinet’s 2025 Global Threat Landscape Report.

Among critical sector organisations at Level 4 maturity, 65% reported zero intrusions in the past year.

81% of organisations in the critical sector self-assess their OT cybersecurity maturity at Level 3 or 4 on a five-level scale (0–4).

80% of organisations in the critical sector that haven't done so already plan to consolidate OT cybersecurity under the CISO in the next 12 months.

Over 95% of the surveyed organisations in the critical sector have elevated OT security to the C-suite level since 2022.