A recent survey has revealed that over one in five organisations experienced a cyber incident impacting their industrial control systems (ICS) or operational technology (OT) within the last year. This finding underscores ongoing vulnerabilities in critical infrastructure protection.
The SANS Institute’s report “The State of ICS/OT Cybersecurity 2025”, sponsored by OPSWAT, gathered insights from more than 330 professionals across various critical infrastructure sectors. The data indicates a persistent threat landscape for operational environments.
ICS/OT Cybersecurity Incidents Continue to Plague Organisations
The survey found that 21.5 per cent of organisations reported an ICS or OT cyber incident over the past 12 months. Among these incidents, ransomware attacks were a significant contributor, accounting for 37.9 per cent. Additionally, 40.3 per cent of these breaches resulted in operational downtime, highlighting the direct impact on essential services.
A major factor contributing to these incidents appears to be a lack of robust security protocols for remote access. The report indicates that half of the reported incidents began with unauthorised external access, frequently attributed to third-party remote maintenance. However, the survey data suggests that fewer than 15 per cent of organisations have implemented advanced controls to manage this type of access.
Challenges in Visibility and Preparedness
Beyond access issues, the survey also highlighted a significant gap in visibility across industrial environments. Only 12.6 per cent of respondents reported having full visibility of the operational technology kill chain, the sequence of stages an attack moves through in an industrial environment. This lack of insight can lead to undetected intrusions at key levels of operational systems.
Furthermore, the overall readiness of organisations to confront evolving cyber threats appears to be lagging. Just 14 per cent of respondents expressed confidence in their preparedness for emerging cyber threats, suggesting a widespread need for enhanced security strategies and investments.
Expert Analysis and Recommendations
Jason Christopher, the report’s author from the SANS Institute, stated that the findings represent a mixed picture of progress. “Organisations must prioritise visibility and segmentation to mitigate these risks effectively,” Christopher commented in relation to the survey results.
Matt Wiseman, Director of Product Marketing at OPSWAT, noted that the survey results align with prior research indicating underfunding of operational technology security. “The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment,” Wiseman explained. He emphasised the need for an integrated approach to OT security.
The report underscores that despite increased awareness of ICS and OT risks, many organisations still struggle with implementing the necessary controls and achieving the visibility required to prevent disruptions and safeguard critical operations.
Looking Ahead
The SANS Institute plans to release further details and analysis from the report in the coming months. Organisations will likely be watching for trends in adopted security measures and government advisories aimed at strengthening ICS/OT defences. The ongoing nature of these cyber threats suggests continued focus on secure remote access and threat detection capabilities.

