
Fortinet revealed persistent gaps, pointing to critical areas where organizations must strengthen their defenses as IT and OT (operational technology) environments become increasingly interconnected and exposed. In 2025, 52% of organizations now place OT security under the CISO, up from just 16% in 2022. With 80% planning to follow their lead, CISOs are expanding security operations, automation, and threat intelligence into OT environments, bringing industrial cybersecurity into boardroom focus, as responsibility for OT security continues to elevate within executive ranks.
In its ‘2025 State of Operational Technology and Cybersecurity Report,’ Fortinet identified that OT security maturity is affecting the impact of intrusions, as self-reported OT security maturity has made notable progress this year. At the basic Level 1, 26% of organizations report establishing visibility and implementing segmentation, up from 20% in the previous year. The largest number of organizations state their security maturity is at the Level 2 access and profiling phase.
The Sunnyvale, California-headquartered company found a correlation between maturity and attacks. Those organizations that report being more mature (higher on Levels 0–4) are seeing fewer attacks or indicate that they are better able to handle lower-sophistication tactics, such as phishing.
The 2025 study draws on data from a global survey of more than 550 OT professionals, conducted by an independent research firm. This year’s findings show that organizations are taking cybersecurity more seriously, with 81% rating their cybersecurity process maturity at level 3 or 4, where security practices are not only documented but, at the highest level, continuously refined through feedback.
Meanwhile, 58% of respondents report their solution maturity advancing from level 1 to level 2. This stage typically involves selecting technologies and running proofs of concept, suggesting a longer timeline but early signs of progress.
As organizations advance in their maturity level and adopt more advanced solutions, we see declines in most intrusion types. Compared to previous years, the intrusion picture improved significantly, with the share reporting no intrusions rising from 6% in 2022 to 52% in 2025. In fact, 65% of companies at maturity Level 4 reported zero intrusions compared to 46% within Levels 0–2. Those companies reporting a lower maturity level (0–2) experienced more phishing attacks, while ransomware and malware affected Level 3 and 4 organizations more frequently.
It’s worth noting that some tactics, such as advanced persistent threats (APT) and OT malware, are difficult to detect, and less mature organizations may not have the security solutions in place to determine they exist. Overall, although nearly half of the organizations experienced impacts, the impact of intrusions on organizations is declining, with a noteworthy reduction in operational outages that impacted revenue, which dropped from 52% to 42%.
Apart from maturity levels affecting the impact of intrusions, it appears that adopting best practices, such as implementing basic cyber hygiene and better training and awareness, is having a real impact, including a significant drop in business email compromise. Other best practices include incorporating threat intelligence, which spiked (49%) since 2024. Additionally, the report saw a significant decrease in the number of OT device vendors, which is a sign of maturity and operational efficiency.
More organizations (78%) are now using only one to four OT vendors, which indicates that many of these organizations are consolidating vendors as part of their best practices. Cybersecurity vendor consolidation is also a sign of maturity and corresponds to Fortinet customers’ experiences with the Fortinet OT Security Platform. Unified networking and security at remote OT sites enhanced visibility and reduced cyber risks, leading to a 93% reduction in cyber incidents compared to a flat network. The simplified Fortinet solutions also led to a seven times improvement in performance through reductions in triage and setup.
“The seventh installment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are taking OT security more seriously,” Nirav Shah, senior vice president for products and solutions at Fortinet, said in a media statement. “We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organizations self-reporting increased rates of OT security maturity.”
Alongside these trends, Shah added that “we’re seeing a decrease in the impact of intrusions in organizations that prioritize OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”
Fortinet reported that as organizations increase their maturity and take OT security more seriously, they are doing more to plan for changes in regulations and compliance. In 2025, the majority (66%) expect increased regulation in five years or less, with 40% of respondents expecting an increase in regulations and compliance requirements within two to five years and 26% anticipating it in less than one year.
Data also showed that organizations with higher OT security maturity are experiencing fewer incidents in 2025. “There’s a correlation between self-assessed maturity level and the ability to detect OT malware and other advanced threats. Most organizations continue to support a wide range of older OT devices and face security challenges because of the lack of patches. However, more mature organizations are taking advantage of advanced cybersecurity features such as threat intelligence feeds and virtual patching to mitigate some of the issues with older devices,” it added.
The report noted that cybersecurity attacks are rising, and OT systems continue to be attractive targets for attackers. Effective protection requires constant vigilance and resource allocation. According to the World Economic Forum, escalating geopolitical tensions and the reliance on complex supply chains are leading to a challenging risk landscape.
As organizations continue to digitize and adopt new technology, risks increase correspondingly. OT organizations also face new regulations, compliance burdens, and increasingly sophisticated threats as cybercriminals adopt new techniques that incorporate technology such as artificial intelligence (AI).
Fortinet identified that self-reported OT security maturity has made notable progress this year. At the most basic level, 26% of organizations report establishing visibility and implementing segmentation, up from 20% in the previous year. Additionally, visibility and segmentation have increased compared to 2024. The largest number of organizations state that their security maturity is at the access and profiling phase.
Furthermore, since 2022, there has been a decrease in the proportion of OT teams claiming to have 100% visibility. As more security solutions are applied and combined, and as IT and OT teams collaborate, there is also a decline in those identifying 75% visibility within the organization’s central cybersecurity operations. This data indicates that as an organization advances in OT security maturity, it becomes more aware of blind spots in its asset visibility.
The most recent Fortinet Threat Landscape Report states that AI-powered cybercrime is scaling rapidly. Threat actors are harnessing AI to enhance phishing realism and evade traditional security controls, making cyberattacks more effective and difficult to detect.
Fortinet reported that those organizations that have invested in cybersecurity are making progress toward better protecting their sensitive OT systems. However, there is still more work to be done, and many organizations face significant risks from attacks such as phishing that can be relatively simple to curtail through basic cybersecurity hygiene and training.
The report also shared actionable guidance to help organizations strengthen their OT security posture by addressing core challenges through targeted best practices.
First, visibility across OT assets is essential. Organizations must know what’s on their networks before they can defend them. Once visibility is established, protective controls should be applied to critical and vulnerable devices. These controls should be OT-specific, such as protocol-aware network policies, system interaction analysis, and endpoint monitoring, to detect and block compromise attempts.
Reducing intrusions also requires a hardened architecture through network segmentation. This starts by defining zones that separate IT and OT environments, as outlined in standards like ISA/IEC 62443. Segmenting systems limits lateral movement and enforces policy controls. Organizations should assess the operational complexity of their solutions and weigh the advantages of integrated platforms with centralized management to streamline control.
Next, OT environments must be fully incorporated into security operations and incident response planning. This means accounting for OT-specific risks, asset types, and consequences that differ from IT. Developing response playbooks that include OT systems will drive better coordination between IT, OT, and production teams. It also ensures the CISO can allocate resources, budget, and attention based on a complete risk picture.
To reduce architectural sprawl, organizations should consider moving away from fragmented toolsets toward platform-based security. Piecemeal deployments create blind spots and operational overhead. A unified platform that covers IT and OT networks improves visibility, supports automated responses, and centralizes management, ultimately making security operations more efficient and effective.
Finally, OT security must be informed by relevant, real-time threat intelligence. AI-powered services should deliver threat data and context tailored to OT environments. Intelligence feeds should include up-to-date insights on OT-specific vulnerabilities, attack patterns, and indicators of compromise to support proactive defense.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.