Persistent Challenges
As in previous editions, the OT cybersecurity insights in this report are not focused on sensational hacker stories. Instead, we continue to track a wide range of OT cybersecurity topics over time, seeking to faithfully reflect the real-world obstacles faced by frontline security practitioners and the progress they have achieved.
Because our survey applies strict criteria on enterprise size, the perspectives presented here reflect the challenges encountered by CISOs, CIOs, and CSOs in large enterprises. These challenges can reasonably be seen as those that smaller organizations will face in the future or are already facing today. At the same time, the progress observed here offers grounds for optimism about the advancements the broader industry is likely to achieve.
Chronic Challenges
The nature of OT environments makes rapid change difficult. Legacy systems, strict uptime requirements, and limited patch windows create cybersecurity challenges that recur year over year, requiring patient, methodical effort rather than quick fixes.
Insufficient Professional Knowledge
The shortage of cybersecurity expertise has long been a challenge in OT environments. In this survey, respondents identified key knowledge gaps among their security personnel across all industries: insufficient expertise in information security, limited understanding of OT cybersecurity standards, and inadequate knowledge of OT environment operations. Budget constraints for dedicated OT security staff and a lack of training opportunities compound the problem.
These gaps indicate a challenge that only compounds over time: organizations struggle not only to hire enough people, but to ensure existing staff possess the cross-domain expertise that OT security demands—spanning both cybersecurity fundamentals and operational technology.
Lack of Dedicated OT Solutions
The lack of dedicated cybersecurity intelligence for OT environments (67%) and the shortage of cybersecurity monitoring and protection tools (61%) are viewed by security leaders as the most significant obstacles across organizations. Even if the talent gap were addressed, tooling gaps would remain. Tools designed for IT environments, where systems can be patched regularly, rebooted freely, and monitored with agents, do not translate to OT environments, where uptime is non-negotiable and legacy systems cannot accommodate standard security agents. Security teams are further limited by outdated systems (45%) and the difficulty of shutting down systems for updates (42%) in environments where operations must run uninterrupted.
IT Systems Remain the Primary Source of Cyber Incidents
Over four years of reporting, IT-to-OT spillover has remained the most consistent trend—96% of OT incidents again originated from IT compromises this year. The implication is twofold: OT environments must achieve cyber-hygiene parity with IT, and they need a secondary line of defense to provide a fail-safe when IT perimeters fail.
This persistent pattern reveals a structural challenge rather than a temporary gap. While IT security strategies prioritize detection and rapid response, OT environments cannot afford the operational disruption that follows a detected breach. The time between detection and containment, measured in hours or days in IT environments, translates into production losses and safety risks in OT. This reality necessitates defenses that prevent compromise at the OT layer, even when IT perimeters have been breached.
Figure 2.3: IT-to-OT Spillover Consistency (2022-2025). Percentage of OT Incidents Originating From IT Systems*
*Overall composition shown.
Human Constraints
This survey reveals that each cybersecurity professional is responsible for managing roughly 50 to 200 Windows-based devices, with 69% of organizations falling in this range. At first glance, this may not seem unreasonable. However, once the uniqueness of devices in OT environments is taken into account, along with the mix of legacy and modern systems and the diverse application combinations running on them, this number represents a far heavier workload than it would in IT environments. When non-Windows devices are also included, it becomes clear why OT cybersecurity teams are currently under such significant strain.
Living with Legacy Systems
Legacy equipment has long been the Achilles' heel of OT cybersecurity. Many devices in OT environments have already reached end-of-life (EOL) for security patch support, leading many experts to recommend system upgrades to mitigate known vulnerabilities. However, the total cost of replacing legacy equipment in OT settings is far more prohibitive than generally imagined. Beyond the direct hardware and software expenditures lie even greater hidden costs, such as financial losses from downtime and the complex troubleshooting of compatibility issues that would need to be carried out by workers already under strain. Consequently, most organizations find it difficult to phase out these aging systems. Instead, they choose to coexist with the risk, finding workarounds to navigate the challenges of legacy equipment.
Substance and function matter more than appearance or age. Whether it is cutting-edge machinery or a legacy asset, the mission in OT remains the same: ensuring consistent, stable delivery of operational output. Under this premise, legacy equipment is not a liability that causes problems but an asset that generates real business value. A substantial 88% of respondents believe their organizations are highly or at least somewhat efficient in managing the coexistence of modern and legacy systems.
However, operational efficiency does not eliminate security risk. While enterprises have successfully adapted their processes to accommodate legacy systems, the security challenges these systems pose require ongoing attention. When facing malware-related challenges, legacy systems, interoperability issues and lack of OT visibility (14%) tie as the most-cited concerns. This is closely followed by network segmentation difficulties (13%). This clustering suggests no single silver bullet—organizations face multiple, interconnected barriers to effective malware defense. Consequently, the need to find effective ways to secure legacy systems, while managing the interoperability and visibility challenges they create, remains.

