HÀ NỘI Fortinet, the global cybersecurity leader driving the convergence of networking and security, has announced the findings from its global 2025 State of Operational Technology and Cybersecurity Report.

The results represent the current state of operational technology (OT) cybersecurity and highlight opportunities for continued improvement for organisations to secure an ever-expanding IT/OT threat landscape.

In addition to trends and insights impacting OT organisations, the report offers best practices to help IT and OT security teams better secure their cyber-physical systems. 

“The seventh edition of the Fortinet State of Operational Technology and Cybersecurity Report shows that organisations are taking OT security more seriously,” said Nirav Shah, Senior Vice President of Products and Solutions at Fortinet on July 10.

"We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organisations self-reporting increased rates of OT security maturity.

"Alongside these trends, we’re seeing a decrease in the impact of intrusions in organisations that prioritise OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”

According to Fortinet, responsibility for OT security continues to rise within executive ranks. There has been a significant increase in corporations planning to integrate cybersecurity under the chief information security officer (CISO) or other executives.

As accountability continues to shift into executive leadership, OT security is elevated to a high-profile issue at the board level.

The top internal leaders that influence OT cybersecurity decisions are now most likely to be the CISO or the chief security officer (CSO) by an increasingly wide margin.

Now, more than half (52 per cent) of organisations report that the CISO/CSO is responsible for OT, up from 16 per cent in 2022.

For all C-suite roles, this has spiked to 95 per cent. Additionally, the number of organisations intending to move OT cybersecurity under the CISO in the next 12 months has increased from 60 per cent to 80 per cent in 2025.

Self-reported OT security maturity has made notable progress this year. At the basic Level 1, 26 per cent of organisations report establishing visibility and implementing segmentation, up from 20 per cent in the previous year.

Although nearly half of organisations experienced impacts, the impact of intrusions on organisations is declining, with a noteworthy reduction in operational outages that impacted revenue, which dropped from 52 per cent to 42 per cent.

Fortinet’s report provides actionable insights for organisations to strengthen their security posture. Organisations can address OT security challenges by establishing visibility and compensating controls for OT assets; deploying segmentation; integrating OT into security operations and incident response planning; considering a platform approach to overall security architecture; and embracing OT-specific threat intelligence and security services.

The report is based on data from a global survey of more than 550 OT professionals, conducted by a third-party research company. Survey respondents were from different locations around the world, including Australia, Taiwan (China), Thailand, the UK and the US, and from a range of industries including manufacturing, transportation/logistics, healthcare/pharma, oil, gas and refining, energy/utilities, chemical/petrochemical and water/wastewater. VNS