A new report released today by cybersecurity company Fortinet Inc. has found that operational technology cybersecurity is gaining significant attention at the executive level, with corporate leaders increasingly taking responsibility for OT security strategies.
The new 2025 State of Operational Technology and Cybersecurity Report found that 52% of organizations now report that their chief information security officers or chief security officers are directly responsible for OT security, up from 16% in 2022. At the same time, 95% of organizations now say that OT risk now falls under broader C-suite oversight, up from just 41% two years ago.
More organizations were found to be formalizing their cybersecurity frameworks and integrating OT security into broader risk management strategies, resulting in incident severity declining. The report finds that operational outages with revenue impact dropped from 52% to 42% year-over-year, assisted by the adoption of advanced security practices, with segmentation, threat intelligence integration and vendor consolidation playing a critical role.
Mature organizations, those reporting higher security levels, were also found to be significantly less affected by common threats like phishing and are better able to detect sophisticated attacks.
Core to the improved outcomes were an increase in cybersecurity hygiene, improved training and intelligence-driven defenses. Business email compromise incidents have declined and the number of OT vendors used has shrunk, signaling a move toward simplification and operational efficiency. Fortinet notes that organizations using its OT Security Platform saw a 93% drop in incidents and up to sevenfold performance improvements through centralized control and integrated defenses.
The report additionally outlines best practices for OT security teams, including the need to establish full network visibility and protective controls. Other recommendations include implementing segmentation following ISA/IEC 62443 standards, integrating OT systems into SecOps and incident response planning, consolidating vendors through a platform-based security architecture and adopting OT-specific threat intelligence feeds powered by artificial intelligence.
Though the overall trends were mostly positive, the report does highlight one area of concern: legacy systems. With many organizations still relying on outdated infrastructure that was not designed with cybersecurity in mind, the systems are particularly vulnerable to modern threats. Legacy OT devices often lack native security controls and are difficult to update or patch, increasing the risk of exploitation.
Discussing the findings, Tim Mackey, head of software supply chain risk strategy at application security software provider Black Duck Software Inc. told News via email that one of the biggest challenges with cybersecurity in critical infrastructure is the long lifespan of the devices.
“Something that was designed and tested to the best practices available when it was released can easily become vulnerable to attacks using more sophisticated attacks later in its lifecycle,” explains Mackey. “In effect, legacy best practices may not be up to the task of mitigating current threats, or worse those that might be deployed in the coming years. Since attackers know that critical infrastructure providers are measured in their up-time or service availability, once a device is compromised, attackers know that they have the luxury of mapping out and planning a very targeted attack rather than just being opportunistic.”
John Whittle, chief operating officer of Fortinet, spoke with theCUBE, News Media’s livestreaming studio, in June, when he discussed Fortinet’s playbook for cybersecurity success:
Image: News/Reve
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
News Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of News, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — News Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.