INTELLIGENT OPERATIONAL TECHNOLOGY

More than half( 52 %) of organisations report that the CISO / CSO is responsible for OT, up from 16 % in 2022, while 95 % of organisations report that the C-suite is responsible for OT, up from 41 % in 2022.

ortinet, has announced findings from its global 2025

State of Operational Technology and Cybersecurity Report.

The results reflect the current state of operational technology( OT) cybersecurity and highlight opportunities for organisations to strengthen protection across a rapidly evolving IT / OT threat landscape.

In addition to trends impacting OT organisations, the report offers best practices to help IT and OT security teams better secure their cyber-physical systems.

Key findings from the global survey include:

• Responsibility for OT security continues to elevate within executive ranks: Now 52 % of organisations report that the CISO / CSO is responsible for OT, up from 16 % in 2022. The share of C-suite roles responsible

Nirav Shah overall has surged to 95 %, up from 41 %.

• OT cybersecurity maturity is reducing the impact of intrusions: Organisations at higher maturity levels report fewer cyberattacks or are better equipped to handle lower-level threats such as phishing. At Level 1 maturity, 26 % of organisations report having visibility and segmentation, up from 20 %.

• Best practices are making a measurable impact: Adoption of basic cyber hygiene and awareness training is reducing intrusion impact. Business email compromise incidents have notably declined, and threat intelligence integration is up 49 % since 2024.

Best practices recommended by Fortinet include:

“ The seventh instalment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organisations are taking OT security more seriously. We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organisations self-reporting increased rates of OT security maturity,” said Nirav Shah, Senior Vice President, Products and Solutions, Fortinet.

“ Alongside these trends, we’ re seeing a decrease in the impact of intrusions in organisations that prioritise OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”

• Establish visibility and compensating controls for OT assets: Organisations need to gain full visibility of all devices on their OT networks.

• Deploy segmentation: Reducing intrusions requires a hardened environment with network segmentation and robust policy controls.

• Integrate OT into SecOps and incident response planning: OT-specific risks should be incorporated into SecOps strategies and response plans.

• Consider a platform approach: Many organisations face overly complex architectures due to using multiple vendors. A unified, platform-based approach offers greater visibility, efficiency and security efficacy across both IT and OT environments. Automation and integration streamline threat response.

• Embrace OT-specific threat intelligence and services: Real-time protection depends on threat feeds that are tailored to OT environments. AI-powered analytics and OT-specific intelligence are crucial for identifying attack variants and imminent risks before disruption occurs.

28 WWW. INTELLIGENTCISO. COM