Fortinet has published its global report titled “Operational Technology and Cybersecurity Outlook 2025,” revealing that OT security has climbed the ranks within organizational leadership. The study shows progress in OT cybersecurity maturity, fewer intrusion incidents, and increasing CISO engagement in safeguarding critical infrastructure amid an increasingly complex IT/OT threat landscape.
“We’re seeing OT security responsibilities rising strongly to the C-suite level, especially toward the CISO and CSO. This shift in focus is significantly reducing the impact of intrusions on organizations that prioritize their OT security,” says Nirav Shah, Fortinet’s Senior Vice President of Products and Solutions.
Key Findings of the 2025 Report
95% of companies now assign OT security to senior management, with over 52% led by the CISO or CSO — up from 16% in 2022. 80% plan to consolidate this responsibility within the next year.
OT security maturity is increasing: 26% of organizations claim to have reached Level 1 (visibility and segmentation), compared to 20% last year. More mature companies experience fewer attacks and are better at managing common threats like phishing.
Fewer operational disruptions: incidents causing production halts or revenue loss decreased from 52% to 42%.
OT vendor consolidation: 78% of organizations now work with between one and four providers, enhancing efficiency and simplifying security architecture.
Cyborg hygiene and training are effective: practices such as multi-factor authentication (MFA), strong password policies, and threat intelligence are significantly reducing threats like business email compromise (BEC).
Fortinet’s Recommended Best Practices
The report outlines critical strategies to strengthen OT security posture:
Complete visibility of OT assets: knowing all connected devices is essential. Implement specific compensating controls for sensitive equipment, interaction analysis, and endpoint monitoring.
Network segmentation: dividing networks into security zones reinforces defense. Standards like ISA/IEC 62443 recommend segmenting OT and IT to limit threat spread.
OT integration into SecOps: incident response plans should explicitly include OT environments. Dedicated playbooks and collaboration between IT and OT teams are key for comprehensive risk assessment.
Adoption of integrated platforms: consolidating security solutions reduces operational complexity. Platforms combining IT and OT networks enable automation, central management, and increased effectiveness.
Targeted OT threat intelligence and AI: protecting against APTs or industrial malware requires tailored intelligence sources for OT environments and real-time analytics enabled by AI.
OT Security: Toward a Converged Defense
The Fortinet report highlights how IT and OT convergence is forcing a redesign of cybersecurity strategies. In an increasingly digital landscape — with connected industrial plants, autonomous vehicles, and smart grids — protecting cyber-physical systems is no longer optional but a strategic priority.
Fortinet emphasizes that customers using their Fortinet OT Security platform have achieved up to 93% fewer incidents, thanks to advanced segmentation, and up to seven times greater operational efficiency through reduced analysis and configuration efforts.
About the Study
The report is based on an independent survey of over 550 OT professionals across manufacturing, transportation, energy, healthcare, and water treatment sectors. Participants hail from more than 30 countries, including the U.S., Spain, the UK, Germany, Brazil, Mexico, Japan, and South Africa.
Via: Fortinet