Executive Summary
The interconnected nature of modern IT-OT convergence environments presents both opportunities and significant risks. In the past year, 94% of organizations reported being at risk of OT cyber incidents. Among them, 98% experienced IT incidents affecting their OT environments, including penetration attacks originating from IT environments (68%) and collateral damage spilling over from IT environments (30%). While ransomware incidents decreased from 47% in 2023 to 28% in 2024, a new growing concern has emerged: the increasing focus of nation-state attackers on critical infrastructure. OT/ICS environments face diverse threats, including Advanced Persistent Threats (APTs), supply chain software vulnerabilities, and advanced malware such as Fuxnet and FrostyGoop.
[Figure: Ransomware incidents, 2023 - 2024]
The CISA Known Exploited Vulnerabilities (KEV) Catalog is a cornerstone of vulnerability management, as it reports actively exploited weaknesses. While the number of KEVs in 2024 has not risen sharply, critical vulnerabilities persist, with Microsoft being the most affected vendor. This demonstrates the continued exploitation of vulnerabilities, including legacy systems and delayed patch updates. 85% of organizations in OT environments do not patch regularly due to downtime concerns, leaving them more exposed to known vulnerabilities. This highlights the urgent need for critical defense during patch delays and a dynamic patch prioritization model to optimize the use of limited resources and time.
Faced with a rapidly evolving threat landscape, administrations are promoting more regulations and guidelines to safeguard OT/ICS systems, recognizing their essential role in protecting critical infrastructure and manufacturing. As cyber threats intensify, nations are adopting dynamic, risk-based standards to address vulnerabilities across industries. 55% of organizations cite data breaches, and 51% point to compliance failures as the primary drivers of investment in OT cybersecurity.
One certainty is that 87% of organizations report that they increased their OT cybersecurity budgets. However, challenges such as limited operational downtime (41%) and cross-department collaboration gaps (37%) hinder effective implementation. The issue of a false sense of security is critical to address in the near future. Despite 95% of organizations expressing confidence in their OT cybersecurity strategies, 67% experienced incidents such as ransomware, APTs, and vulnerability exploits, revealing clear, empirically observable gaps in their defenses.
Achieving robust OT security requires a shift from reactive measures to proactive, tailored strategies. By addressing visibility gaps, integrating advanced technologies, and fostering cross-department collaboration, organizations can ensure their operational continuity and resilience while protecting the critical infrastructure that upholds the fabric of daily life.
Key Insights with Critical Numbers
Rising Convergence Challenges and Threats
94% of organizations are at risk of OT cyber incidents.
98% of OT incidents result from IT penetration attacks (68%) or collateral damage (30%).
of organizations have faced cyber incidents due to Advanced Persistent Threat (APT) attacks.
Patching Challenges and Interim Defenses
of organizations have experienced OT cyber incidents related to software vulnerability exploitation.
85% of organizations in OT environments do not patch frequently due to concerns about downtime.
of organizations opt for increased monitoring when patches are unavailable, but this is not an adequate solution.
Regulations and Standards
51% cite compliance failures as the primary drivers of investment in OT cybersecurity.
of organizations identify supply chain audits and third-party risk management as critical strategies for defending against malware.
of organizations prioritize “supply chain security management” as the top focus for cybersecurity investment over the next two years.
Divisions and Gaps in OT Security
of organizations exhibit a false sense of security—expressing confidence in their OT defenses while still experiencing OT cyber incidents.
87% report increasing OT cybersecurity budgets, yet challenges hinder effective implementation.
of organizations achieve comprehensive OT asset monitoring; this leaves critical gaps in threat identification and risk mitigation.