36% of organizations surveyed believe that networking protocols used by OT systems must be understood better to properly secure OT.

38% of organizations surveyed believe that total costs of digitizing physical infrastructure must be understood better to properly secure OT.

38% of organizations surveyed believe that implementing access control, including remote access, must be understood better to properly secure OT.

33% of organizations surveyed believe that incorporating OT into network maps/architecture must be understood better to properly secure OT.

43% of organizations surveyed believe that risk assessment for OT systems must be understood better to properly secure OT.

41% of organizations surveyed believe that different security priorities for OT vs. IT must be understood better to properly secure OT.

44% of organizations surveyed believe that types of threats that can impact OT must be understood better to properly secure OT.

In 2025, 78% of organisations in the critical sector use four or fewer OT vendors for cybersecurity.

In 2025, more than half (52%) of organisations in the critical sector report that the CISO or CSO is now directly responsible for OT security. This represents a dramatic rise from just 16% in 2022 regarding CISO/CSO responsibility for OT security.

80% of organisations in the critical sector that haven't done so already plan to consolidate OT cybersecurity under the CISO in the next 12 months.

81% of organisations in the critical sector self-assess their OT cybersecurity maturity at Level 3 or 4 on a five-level scale (0–4).

Among critical sector organisations at Level 4 maturity, 65% reported zero intrusions in the past year.

Manufacturing accounted for 17% of all targeted attacks, more than any other sector, according to Fortinet’s 2025 Global Threat Landscape Report.

Only 5% of 2025 organisations in the critical sector stated that OT security is owned by the VP or lower, compared to 59% in 2022.

Over 95% of the surveyed organisations in the critical sector have elevated OT security to the C-suite level since 2022.

Only 46% of Level 0–2 critical sector organisations reported zero intrusions in the past year.

50% of critical sector organisations reported experiencing one or more cybersecurity incidents.