Core Insights - The 2025 State of Operational Technology and Cybersecurity Report by Fortinet indicates a significant increase in the responsibility for operational technology (OT) security being assigned to the C-suite, with 95% of organizations reporting C-suite involvement, up from 41% in 2022 [1][2][3] - The report highlights a correlation between OT cybersecurity maturity and the impact of intrusions, with organizations reporting fewer attacks as their maturity increases [2][3] Summary by Categories Responsibility and Accountability - There has been a notable increase in organizations assigning OT security responsibility to the CISO or CSO, with 52% of organizations now reporting this responsibility, up from 16% in 2022 [1][3] - The percentage of organizations planning to move OT cybersecurity under the CISO in the next 12 months has increased from 60% to 80% in 2025 [3] Cybersecurity Maturity - Self-reported OT security maturity has improved, with 26% of organizations at Level 1 (establishing visibility and implementing segmentation), up from 20% the previous year [3] - Organizations reporting higher maturity levels (0-4) are experiencing fewer attacks and are better equipped to handle lower-sophistication tactics, such as phishing [3] - The impact of intrusions on organizations has declined, with operational outages affecting revenue dropping from 52% to 42% [3] Best Practices and Implementation - Adoption of cybersecurity best practices, including basic cyber hygiene and improved training, has led to a significant reduction in business email compromise [3] - The use of threat intelligence has increased by 49% since 2024, indicating a trend towards more informed security practices [3] - A significant decrease in the number of OT device vendors has been observed, with 78% of organizations now using only one to four vendors, reflecting consolidation as part of best practices [3] - Organizations utilizing the Fortinet OT Security Platform have seen a 93% reduction in cyber incidents compared to a flat network [3] Recommendations for Improvement - Establishing visibility and protective controls for OT assets is essential for organizations to understand their OT networks [6] - Deploying segmentation to create defensible OT environments is recommended, following standards such as ISA/IEC 62443 [6] - Integrating OT into security operations and incident response planning is crucial for effective risk management [6] - A platform-based approach to security architecture can simplify management and improve security efficacy [6] - Embracing OT-specific threat intelligence and security services is vital for timely awareness of risks [6]