Fortinet has released its 2025 State of Operational Technology and Cybersecurity Report, offering a comprehensive look into how organizations are evolving their defences amid rising IT/OT convergence threats. Based on insights from over 550 OT professionals worldwide, the report underscores a clear shift in cybersecurity leadership, with 52% of companies now placing OT security responsibility directly under the Chief Information Security Officer (CISO)—up from just 16% in 2022.
This structural shift is matched by a measurable improvement in self-reported OT security maturity and a decline in the frequency and severity of cyber intrusions. Notably, operational outages with direct revenue impact fell from 52% in 2024 to 42% in 2025, according to the report.
OT maturity linked to reduced impact of attacks
Organizations with more mature OT security frameworks, particularly those at Level 2 or higher on Fortinet’s maturity scale, reported fewer successful attacks. These firms were better equipped to defend against low-complexity threats like phishing, while also being more prepared for advanced persistent threats and OT-targeted malware.
Fortinet attributes this improvement not only to elevated leadership accountability but also to the adoption of key cybersecurity best practices. These include visibility across OT networks, the use of segmentation protocols like ISA/IEC 62443, and integrated SecOps strategies that combine IT and OT response planning.
The report also notes a rise in platform-based security adoption, with 78% of firms now using only 1–4 OT vendors—a sign of strategic vendor consolidation and operational efficiency. Fortinet’s own OT security platform was cited for enabling a 93% reduction in cyber incidents and a sevenfold performance improvement in triage and setup times.
Best practices for OT resilience
The 2025 report outlines actionable guidance for enterprises, urging them to:
Implement visibility and compensating controls for vulnerable OT assets.
Establish segmented OT zones to minimize breach impact.
Merge OT into broader incident response plans with SecOps integration.
Consolidate fragmented security tools under platform-based architectures.
Adopt OT-specific threat intelligence to improve real-time detection.
Fortinet’s report draws from diverse sectors including manufacturing, energy, transportation, water utilities, and pharma, with respondents spanning over 30 countries. As cyber-physical systems become increasingly central to national infrastructure and industrial growth, the findings make a strong case for elevated investment, unified governance, and a proactive approach to OT security.
