by OPSWAT
Many Organizations Reported Experiencing at Least One ICS/OT Security Incident
Tampa, FL – March 4, 2025 – SANS Institute, the global leader in cybersecurity training and research, in partnership with OPSWAT, a global leader in critical infrastructure protection (CIP) solutions, today announced the findings of the 2025 ICS/OT Cybersecurity Budget Report, revealing significant gaps in cybersecurity budgets and a surge in ICS/OT-focused attacks. The report highlights how insufficient funding, misaligned priorities, and fragmented defenses are leaving critical infrastructure exposed to increasingly sophisticated threats.
While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience. This imbalance, combined with the convergence of IT and OT environments, creates new vulnerabilities adversaries are exploiting at an alarming rate.
Key Findings
- Critical Infrastructure Under Attack: Our survey reveals concerning trends regarding security incidents within critical infrastructure. Over 50% of respondents exhibited signs of security breaches, with 27% explicitly acknowledging that they experienced an incident. Additionally, 19.9% were unable to respond due to company policy, and 11% expressed uncertainty. These findings suggest that the prevalence of incidents may be greater than officially reported. Notably, the most frequently exploited vulnerabilities included internet-accessible devices, which accounted for 33%, and transient devices at 27%, both of which are often used to circumvent traditional security measures.
- Budget Gaps Leave ICS/OT at Risk: Despite growing recognition of OT cybersecurity as a priority, only 27% of organizations place budgetary control under CISOs or CSOs. Without dedicated leadership, budget allocation often overlooks critical ICS/OT-specific needs, exposing infrastructure to evolving threats.
- IT as a Primary Attack Vector: The report identifies IT compromises as the most common entry point, responsible for 58% of ICS/OT incidents. This highlights the urgent need for integrated security strategies that address cross-domain vulnerabilities.
- Insufficient Budgets for ICS/OT Security: Many organizations continue to underfund ICS/OT-specific protections. Less than half allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure, leaving systems exposed to attacks.
Prioritizing Budget and Workforce Investments
The 2025 ICS/OT Cybersecurity Budget Report stresses the need for organizations to rethink their cybersecurity strategies:
- Allocating proper budgets to ICS/OT defenses: devices and endpoints
- Strengthening defenses against cross-domain attacks
- Ensuring cybersecurity leadership oversees budget decisions to align spending with operational risk
The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks.
One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organization, the ICS is the business.
Organizations that fail to reevaluate their threats to their ICS environments leave critical infrastructure vulnerable to increasingly sophisticated attacks. Protecting these engineering systems isn’t optional—it’s essential for operational resilience and national security.
Dean Parsons
Principal Instructor, CEO, and Principal Consultant of ICS Defense Force
Download the full report to understand the critical benchmarks for securing ICS/OT environments and how your organization can better prepare for the future.
About OPSWAT
For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a “Trust no file. Trust no device.™” philosophy, OPSWAT solves customers’ challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit www.opswat.com.