Operational technology (OT) cyber security has never been more in focus. Each year, it feels like we see more large-scale incidents, more knock-on effects, more financial losses - all with OT security incidents to blame.
In fact, recent estimates suggest that global OT cyber risk could soon cause $300b in losses each year. This is driven by the very nature of OT security - cascading issues and indirect losses that don’t just stop with single companies or networks. It’s a staggering figure that shows us just how high the stakes have become for manufacturers.
So, if we know the huge risks involved, why is OT security still a relatively small concern for many? Well, the simple truth is that creating a secure OT environment has never been easy. It’s a complicated mix of legacy systems and siloed teams, with growing cyber threats making it one of the most difficult challenges in technology today.
But as the Fortinet 2025 State of Operational Technology and Cybersecurity Report shows, there’s real progress happening. OT security has come a long way in the past year. Organisations are learning, planning, investing, and adapting, bringing mature OT systems that manage a range of threats.
This is a follow up to our blog post that looked at the state of OT and cyber security 2024 report. We’ll look back at last year’s findings and see how they’ve materialised. Then, we’ll explore some of the major talking points from the 2025 Fortinet report and what they could mean for your business.
What the 2024 OT security report told us
Our look at the 2024 report found four major themes:
Cyber intrusions were on the rise as attacks were becoming more frequent and targeted at critical systems
OT visibility was lacking, with many organisations struggling to get visibility of their assets, leaving blind spots for attackers to exploit
OT security was moving up the agenda as more businesses began treating OT as a strategic priority
Best practices like segmentation, access controls, and continuous monitoring were becoming more standard.
So, how have those 2024 themes changed in the past year?
1. OT systems remain prime targets
What’s clear from the 2025 report is that OT continues to attract lots of unwanted attention. Half of all organisations reported one or more cyber security incidents in the past year. This is a slight increase from 2024, telling us everything we need to know about the persistence of threat actors.
As usual, a favourite target for attackers is where IT and OT overlap. It lets them move laterally between systems that were once separate, where a single breach can have far-reaching consequences on finances, productivity, trust, regulations, and more.
2. Visibility is improving
Enough of the bad news. There’s also some good. Specifically, the 2025 report shows that organisations are getting better at identifying and monitoring their OT assets. They’re using tools that provide clearer overviews into complex environments, reducing their overall risk.
A strange quirk is that, while average visibility is increasing across the board, companies are finding it trickier to be 100% confident in their overview. This probably doesn’t mean that visibility has got worse, though. More likely is that businesses are becoming more aware of their limitations. To us, this is a healthy sign of growing OT security awareness and maturity.
3. OT security is everyone’s job
No more underappreciated tech teams fighting for attention at the conference table. OT security is now a part of everyone’s job. More importantly, those senior leaders are aware of their responsibilities. More organisations are now reporting test results and intrusion metrics directly to senior leadership, framing OT risk within the broader business strategy.
4. Best practices are becoming business as usual
Our final 2024 key point looked at best practices becoming part of everyday security. Things like segmenting key networks, building visibility, and integrating IT and OT security had become expected standards. And now, the most resilient organisations are those treating OT security as a continuous process - again, good news for overall security.
These updates show us how OT security has changed in the last year. Next, we’ll look at the key new trends highlighted by the 2025 report.
The 2025 OT cyber security trends
1. OT security remains a growing threat to all types of networks
Sadly, but probably as expected, the number of organisations experiencing cyber intrusions hasn’t declined. Around 50% still reported one or more incidents in 2025. But what is definitely changing is the scale of those intrusions.
In 2024, 49% of affected businesses saw attacks span both their IT and OT systems. In 2025, that figure has jumped to an alarming 60%. This backs up our earlier points and emphasises the continued risks to enterprise and industrial networks.
Or, to put it simply: OT no longer exists in a world of its own. Attackers know these devices and systems often provide an easier entry point than other secure networks. That’s why they’re targeting them more and more. So, it’s absolutely vital to protect all your OT assets now, before the risks grow even further.
2. OT security is now a board-level issue
One of the most difficult challenges of getting OT security buy-in is that it hasn’t always been given the importance it deserved. Not anymore.
In the 2025 report, it’s obvious that OT cyber security now plays a substantial role in business strategy. Responsibility for it has moved to the very top. Some 52% of organisations now assign OT oversight to the CISO or CSO - up from just 16% in 2022 when it barely bothered the boardroom agenda.
But why? Probably because of the growing awareness into how OT security directly impacts business continuity, compliance and brand trust… not to mention the millions in potential losses. Thankfully, this year’s report shows us that board-level attention is allowing OT security to get the attention it deserves.
3. Efforts to improve OT security are providing real-world ROI
Need some more convincing on the benefits of OT security investment? The 2025 report shows that organisations with more mature OT security frameworks are experiencing fewer severe incidents than in 2024.
This is a win for damage limitation. Incidents may still happen, and nearly half still reported some form of intrusion. But, crucially, the number of attacks causing operational outages dropped from 52% to 42% for those with mature OT security systems in place.
This all seems to point to one central takeaway - OT security investments are delivering real ROI in terms of reduced downtime. If an incident were to happen, it would have a less severe impact on the overall company.
4. Working with the right tools and providers is the key to success
Finally, complexity remains one of OT’s biggest challenges. Sometimes less is more. And in 2025, it looks like organisations have been taking steps to improve their OT security by simplifying it.
For one, vendor consolidation is on the rise. A huge 78% of businesses now work with just one to four OT security vendors. Why would this be a benefit? Because having fewer platforms means less fragmentation and a clearer line of defence using cutting-edge solutions.
Having said that, legacy systems are still causing issues. Most devices in use are six years old or more, meaning many organisations could still be relying on creaky systems and workarounds. This is where updating key systems, using the right tools and working with experienced partners can have a positive impact on your OT security.
What these trends mean for you
So, what does this mean for your business?
The 2024 trends showed us that OT security was starting to grow in importance. And now, 2025’s trends demonstrate how OT security should be a key part of business planning. Most importantly, they also show that making improvements has a positive impact, reducing the strain on staff and systems and lowering the risk of severe incidents.
How Nasstar can help
At Nasstar, we know that OT security plays a crucial role in any good cyber security framework. And with our Fortinet partnership, clients can access the tools, frameworks and the expertise needed to prepare for a range of threats. That’s why we’ve proudly worked alongside them for over 15 years.
If you’re looking to modernise your OT defences, improve compliance, or unify your IT and OT security into one cohesive strategy, we can help.
Speak to a specialist today to see how Nasstar can help you build a stronger OT security posture.
