Fortinet Report: OT Cybersecurity Risk Elevates within Executive Leadership Ranks
Fortinet (NASDAQ: FTNT) has released its global 2025 State of Operational Technology and Cybersecurity Report, revealing significant shifts in OT security responsibility and maturity. The report highlights that 52% of organizations now assign OT security to CISO/CSO, up from 16% in 2022, while 95% of organizations report C-suite responsibility for OT security, compared to 41% in 2022.
Key findings show improved OT security maturity, with 26% of organizations achieving basic Level 1 security, up from 20% last year. Organizations with higher security maturity reported fewer attacks and better handling of threats. The impact of intrusions has declined, with operational outages affecting revenue dropping from 52% to 42%. The study also revealed a trend toward vendor consolidation, with 78% of organizations now using only 1-4 OT vendors.
The report, based on a survey of over 550 OT professionals globally, provides actionable insights for strengthening security posture through best practices including establishing visibility, implementing segmentation, and integrating OT into security operations.Fortinet (NASDAQ: FTNT) ha pubblicato il suo rapporto globale 2025 sullo Stato della Tecnologia Operativa e della Sicurezza Informatica, evidenziando cambiamenti significativi nelle responsabilità e nella maturità della sicurezza OT. Il rapporto sottolinea che il 52% delle organizzazioni ora assegna la sicurezza OT al CISO/CSO, rispetto al 16% nel 2022, mentre il 95% delle organizzazioni riporta una responsabilità a livello C-suite per la sicurezza OT, rispetto al 41% nel 2022.
I risultati chiave mostrano un miglioramento nella maturità della sicurezza OT, con il 26% delle organizzazioni che raggiungono il livello base di sicurezza 1, in aumento rispetto al 20% dell'anno precedente. Le organizzazioni con una maturità di sicurezza più elevata hanno riportato meno attacchi e una gestione migliore delle minacce. L'impatto delle intrusioni è diminuito, con le interruzioni operative che influenzano i ricavi scese dal 52% al 42%. Lo studio ha anche evidenziato una tendenza alla consolidazione dei fornitori, con il 78% delle organizzazioni che ora utilizza solo da 1 a 4 fornitori OT.
Il rapporto, basato su un sondaggio condotto su oltre 550 professionisti OT a livello globale, fornisce indicazioni pratiche per rafforzare la postura di sicurezza attraverso le migliori pratiche, tra cui l'istituzione della visibilità, l'implementazione della segmentazione e l'integrazione dell'OT nelle operazioni di sicurezza.
Fortinet (NASDAQ: FTNT) ha publicado su informe global 2025 sobre el Estado de la Tecnología Operativa y la Ciberseguridad, revelando cambios significativos en la responsabilidad y madurez de la seguridad OT. El informe destaca que el 52% de las organizaciones ahora asignan la seguridad OT al CISO/CSO, frente al 16% en 2022, mientras que el 95% de las organizaciones reportan responsabilidad a nivel C-suite para la seguridad OT, en comparación con el 41% en 2022.
Los hallazgos clave muestran una mejora en la madurez de la seguridad OT, con el 26% de las organizaciones alcanzando el nivel básico 1 de seguridad, un aumento respecto al 20% del año pasado. Las organizaciones con mayor madurez en seguridad reportaron menos ataques y mejor manejo de amenazas. El impacto de las intrusiones ha disminuido, con las interrupciones operativas que afectan los ingresos bajando del 52% al 42%. El estudio también reveló una tendencia hacia la consolidación de proveedores, con el 78% de las organizaciones usando ahora solo de 1 a 4 proveedores OT.
El informe, basado en una encuesta a más de 550 profesionales OT a nivel mundial, ofrece conocimientos prácticos para fortalecer la postura de seguridad mediante mejores prácticas como establecer visibilidad, implementar segmentación e integrar OT en las operaciones de seguridad.
Fortinet (NASDAQ: FTNT)은 2025년 글로벌 운영 기술 및 사이버 보안 현황 보고서를 발표하며 OT 보안 책임과 성숙도에 큰 변화를 밝혔습니다. 보고서에 따르면 52%의 조직이 이제 OT 보안을 CISO/CSO에게 맡기고 있으며, 이는 2022년 16%에서 증가한 수치입니다. 또한 95%의 조직이 OT 보안에 대해 최고경영진(C-suite)의 책임을 보고했는데, 이는 2022년 41%와 비교됩니다.
주요 결과로는 OT 보안 성숙도가 향상되어 26%의 조직이 기본 수준 1 보안을 달성했으며, 이는 작년 20%에서 증가한 수치입니다. 보안 성숙도가 높은 조직은 공격이 적고 위협 대응이 더 우수했습니다. 침입의 영향도 감소하여 매출에 영향을 미치는 운영 중단이 52%에서 42%로 줄었습니다. 연구는 또한 공급업체 통합 추세를 보여주며, 78%의 조직이 현재 1~4개의 OT 공급업체만 사용하고 있습니다.
이 보고서는 전 세계 550명 이상의 OT 전문가를 대상으로 한 설문조사를 기반으로 하며, 가시성 확보, 세분화 구현, OT를 보안 운영에 통합하는 등 모범 사례를 통해 보안 태세를 강화할 수 있는 실행 가능한 인사이트를 제공합니다.
Fortinet (NASDAQ : FTNT) a publié son rapport mondial 2025 sur l'état de la technologie opérationnelle et de la cybersécurité, révélant des changements significatifs dans la responsabilité et la maturité de la sécurité OT. Le rapport souligne que 52 % des organisations confient désormais la sécurité OT au CISO/CSO, contre 16 % en 2022, tandis que 95 % des organisations déclarent une responsabilité au niveau de la direction pour la sécurité OT, contre 41 % en 2022.
Les principales conclusions montrent une amélioration de la maturité de la sécurité OT, avec 26 % des organisations atteignant un niveau de sécurité basique 1, contre 20 % l'année dernière. Les organisations ayant une maturité de sécurité plus élevée ont signalé moins d'attaques et une meilleure gestion des menaces. L'impact des intrusions a diminué, les interruptions opérationnelles affectant les revenus passant de 52 % à 42 %. L'étude a également révélé une tendance à la consolidation des fournisseurs, 78 % des organisations n'utilisant désormais que 1 à 4 fournisseurs OT.
Le rapport, basé sur une enquête auprès de plus de 550 professionnels OT dans le monde, fournit des informations pratiques pour renforcer la posture de sécurité grâce à des meilleures pratiques telles que l'établissement de la visibilité, la mise en œuvre de la segmentation et l'intégration de l'OT dans les opérations de sécurité.
Fortinet (NASDAQ: FTNT) hat seinen globalen Bericht zum Stand der Betriebstechnologie und Cybersicherheit 2025 veröffentlicht, der bedeutende Veränderungen bei der Verantwortlichkeit und Reife der OT-Sicherheit aufzeigt. Der Bericht hebt hervor, dass 52 % der Organisationen die OT-Sicherheit nun dem CISO/CSO zuweisen, gegenüber 16 % im Jahr 2022, während 95 % der Organisationen eine Verantwortung auf C-Ebene für OT-Sicherheit melden, verglichen mit 41 % im Jahr 2022.
Wesentliche Erkenntnisse zeigen eine verbesserte OT-Sicherheitsreife, wobei 26 % der Organisationen das grundlegende Sicherheitsniveau 1 erreichen, im Vergleich zu 20 % im Vorjahr. Organisationen mit höherer Sicherheitsreife berichteten über weniger Angriffe und eine bessere Bedrohungsbewältigung. Die Auswirkungen von Eindringlingen sind zurückgegangen, wobei betriebliche Ausfälle, die den Umsatz beeinträchtigen, von 52 % auf 42 % gesunken sind. Die Studie zeigte auch einen Trend zur Lieferantenkonsolidierung, wobei 78 % der Organisationen jetzt nur noch 1-4 OT-Anbieter nutzen.
Der Bericht basiert auf einer Umfrage unter mehr als 550 OT-Fachleuten weltweit und bietet umsetzbare Erkenntnisse zur Stärkung der Sicherheitslage durch bewährte Praktiken wie die Schaffung von Sichtbarkeit, Implementierung von Segmentierung und Integration von OT in Sicherheitsoperationen.
- Significant increase in C-suite responsibility for OT security (95% vs 41% in 2022)
- Reduction in operational outages impacting revenue (42% vs 52% previously)
- Higher security maturity correlates with fewer successful attacks
- 78% of organizations are consolidating OT vendors for better efficiency
- 93% reduction in cyber incidents through unified networking and security implementation
- 42% of organizations still experience operational outages affecting revenue
- Only 26% of organizations have achieved basic Level 1 security maturity
- Advanced persistent threats (APT) and OT malware remain difficult to detect for less mature organizations
More than half (
SUNNYVALE, Calif., July 09, 2025 (GLOBE NEWSWIRE) -- Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the findings from its global 2025 State of Operational Technology and Cybersecurity Report. The results represent the current state of operational technology (OT) cybersecurity and highlight opportunities for continued improvement for organizations to secure an ever-expanding IT/OT threat landscape. In addition to trends and insights impacting OT organizations, the report offers best practices to help IT and OT security teams better secure their cyber-physical systems.
“The seventh installment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are taking OT security more seriously. We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organizations self-reporting increased rates of OT security maturity,” said Nirav Shah, Senior Vice President, Products and Solutions, at Fortinet. “Alongside these trends, we’re seeing a decrease in the impact of intrusions in organizations that prioritize OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”
Key findings from the global survey include:
- Responsibility for OT security continues to elevate within executive ranks: There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives. As accountability continues to shift into executive leadership, OT security is elevated to a high-profile issue at the board level. The top internal leaders who influence OT cybersecurity decisions are now most likely to be the CISO or CSO by an increasingly wide margin. Now more than half (
52% ) of organizations report that the CISO/CSO is responsible for OT, up from16% in 2022. For all C-suite roles, this has spiked to95% . Additionally, the number of organizations intending to move OT cybersecurity under CISO in the next 12 months has increased from60% to80% in 2025.
- OT cybersecurity maturity is affecting the impact of intrusions: Self-reported OT security maturity has made notable progress this year. At the basic Level 1,
26% of organizations report establishing visibility and implementing segmentation, up from20% in the previous year. The largest number of organizations state their security maturity is at the Level 2 access and profiling phase. The report also found a correlation between maturity and attacks. Those organizations that report being more mature (higher of Levels 0–4) are seeing fewer attacks or indicate that they are better able to handle lower-sophistication tactics, such as phishing. It’s worth noting that some tactics, such as advanced persistent threats (APT) and OT malware, are difficult to detect, and less mature organizations may not have the security solutions in place to determine they exist. Overall, although nearly half of organizations experienced impacts, the impact of intrusions on organizations is declining, with a noteworthy reduction in operational outages that impacted revenue, which dropped from52% to42% .
- Adopting cybersecurity best practices is having a positive impact: In addition to the Levels of maturity affecting the impact of intrusions, it appears that adopting best practices such as implementing basic cyber hygiene and better training and awareness are having a real impact, including a significant drop in business email compromise. Other best practices include incorporating threat intelligence, which spiked (
49% ) since 2024. Additionally, the report saw a significant decrease in the number of OT device vendors, which is a sign of maturity and operational efficiency. More organizations (78% ) are now using only one to four OT vendors, which indicates that many of these organizations are consolidating vendors as part of their best practices. Cybersecurity vendor consolidation is also a sign of maturity and corresponds to Fortinet customer experiences with the Fortinet OT Security Platform. Unified networking and security at remote OT sites enhanced visibility and reduced cyber risks, leading to a93% reduction in cyber incidents vs. a flat network. The simplified Fortinet solutions also led to a 7x improvement in performance through reductions in triage and setup.1
Best Practices
Fortinet’s global 2025 State of Operational Technology and Cybersecurity Report provides actionable insights for organizations to strengthen their security posture. Organizations can address OT security challenges by adopting the following best practices:
- Establish visibility and compensating controls for OT assets: Organizations need the ability to see and understand everything that’s on their OT networks. Once visibility is established, organizations then need to protect critical devices and ones that may be vulnerable, which requires protective compensating controls that are designed for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent compromise of vulnerable assets.
- Deploy segmentation: Reducing intrusions requires a hardened OT environment with strong network policy controls at all access points. This kind of defensible OT architecture starts with creating network zones or segments. Standards such as ISA/IEC 62443 specifically call for segmentation to enforce controls between OT and IT networks and between OT systems. Teams should also evaluate the overall complexity of managing a solution and consider the benefits of an integrated or platform-based approach with centralized management capabilities.
- Integrate OT into security operations (SecOps) and incident response planning: Organizations should be maturing toward IT/OT SecOps. To get there, OT needs to be a specific consideration for SecOps and incident response plans, largely because of some of the distinctions between OT and IT environments, from unique device types to the broader consequences of an OT breach impacting critical operations. One key step in this direction is to have playbooks that include your organization’s OT environment. This kind of advanced preparation will foster better collaboration across IT, OT, and production teams to adequately assess cyber and production risks. It can also ensure that the CISO has proper awareness, prioritization, budget, and personnel allocations.
- Consider a platform approach to your overall security architecture: To address rapidly evolving OT threats and an expanding attack surface, many organizations have assembled a broad array of security solutions from different vendors. This has yielded an overly complex security architecture that inhibits visibility while placing an increased burden on limited security team resources. A platform-based approach to security can help organizations consolidate vendors and simplify their architecture. A robust security platform with specific capabilities for both IT networks and OT environments can provide solution integration for improved security efficacy while enabling centralized management for enhanced efficiency. Integration can also provide a foundation for automated responses to threats.
- Embrace OT-specific threat intelligence and security services: OT security depends on timely awareness and precise analytical insights about imminent risks. A platform-based security architecture should also apply AI-powered threat intelligence for near-real-time protection against the latest threats, attack variants, and exposures. Organizations should ensure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.
Report Overview
- The Fortinet 2025 State of Operational Technology and Cybersecurity Report is based on data from a global survey of more than 550 OT professionals, conducted by a third-party research company.
- Survey respondents were from different locations around the world, including Australia, New Zealand, Argentina, Brazil, Canada, Mainland China, Colombia, Denmark, Egypt, France, Germany, Hong Kong, India, Indonesia, Israel, Italy, Japan, Malaysia, Mexico, Norway, Philippines, Poland, Portugal, Singapore, South Africa, South Korea, Spain, Taiwan, Thailand, United Kingdom, and the United States, among others.
- Respondents represent a range of industries that are heavy users of OT, including: manufacturing, transportation/logistics, healthcare/pharma, oil, gas, and refining, energy/utilities, chemical/petrochemical, and water/wastewater.
- Most of those surveyed, regardless of title, are deeply involved in cybersecurity purchasing decisions. Many respondents are responsible for operations technology at their organization and/or have reporting responsibility for manufacturing or plant operations.
Additional Resources
- Read the full report to learn more about the state of OT security in 2025.
- Learn more about Fortinet’s OT Security Solutions.
- Listen to the webinar on August 7 for more insights on the report findings.
- Visit fortinet.com/trust to learn more about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
- Learn more about Fortinet's commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
- Read about how Fortinet customers are securing their organizations.
- Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
1 Fortinet, Fortinet OT Security Platform Customer Success Stories, November 5, 2024.
About Fortinet
Fortinet (Nasdaq: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
Copyright © 2025 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAgent, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiEndpoint FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSEC, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.
Media Contact: Elena Fuhrmann Fortinet, Inc. 408-235-7700 pr@fortinet.com Investor Contact: Aaron Ovadia Fortinet, Inc. 408-235-7700 investors@fortinet.com Analyst Contact: Brian Greenberg Fortinet, Inc. 408-235-7700 analystrelations@fortinet.com
FAQ
What are the key findings of Fortinet's 2025 OT Cybersecurity Report regarding executive responsibility?
How has FTNT's reported operational outage impact changed in 2025?
What percentage of organizations are implementing OT vendor consolidation according to Fortinet's 2025 report?
What are the key security maturity findings in Fortinet's 2025 OT report?
How effective is Fortinet's unified networking and security approach for OT security?
