Fortinet Report: OT Cybersecurity Risk Elevates within Executive Leadership Ranks 

More than half (52%) of organizations report that the CISO/CSO is responsible for OT, up from 16% in 2022, while 95% of organizations report that the C-suite is responsible for OT, up from 41% in 2022

As industrial environments become increasingly digitized and interconnected, a new global report from cybersecurity leader Fortinet highlights a decisive shift in how organizations manage Operational Technology (OT) security. The 2025 State of Operational Technology and Cybersecurity Report reveals that OT security has rapidly evolved from a technical concern to a board-level priority driven by C-suite leadership.

According to the report, 52% of organizations have now assigned OT cybersecurity oversight to the Chief Information Security Officer (CISO) or another senior executive, marking a significant leap from just 16% in 2022. Furthermore, 95% of executive leaders are now actively involved in OT security governance, underscoring a growing recognition of OT systems as critical assets vulnerable to escalating cyber threats.

CISOs Drive Unified IT-OT Risk Management

This strategic realignment is especially prominent across sectors such as manufacturing, logistics, energy, petrochemicals, healthcare, and water utilities, where OT systems form the backbone of essential operations. Notably, 80% of organizations in these sectors plan to migrate OT security responsibilities under the CISO’s purview within the next year. The goal is to unify cybersecurity strategies across IT and OT environments for more cohesive and effective risk management.

“The seventh installment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are taking OT security more seriously. We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organizations self-reporting increased rates of OT security maturity,” said Nirav Shah, Senior Vice President, Products and Solutions, at Fortinet. “Alongside these trends, we’re seeing a decrease in the impact of intrusions in organizations that prioritize OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”

Maturity Enhances Resilience Against Cyber Threats

The report establishes a clear correlation between cybersecurity maturity and reduced business disruption from cyber intrusions. 26% of organizations now report achieving Level 1 OT maturity, which is defined by network visibility and segmentation, compared to 20% in the previous year. The majority now operate at Level 2, with a focus on access control and asset profiling.

Organizations with higher OT security maturity are demonstrating greater resilience against common threat vectors such as phishing. They are also improving their detection and mitigation of more sophisticated tactics, including advanced persistent threats (APTs) and OT-specific malware. Encouragingly, the rate of revenue-impacting operational outages has declined from 52% to 42%, indicating measurable progress in preparedness and response capabilities.

Best Practices Strengthen Cyber Defenses

The adoption of cybersecurity best practices continues to drive down attack surfaces and improve incident response effectiveness. The report cites a significant drop in business email compromise (BEC) attacks, which has been attributed to stronger cyber hygiene protocols, enhanced employee awareness, and better training programs.

A key trend highlighted in the report is the growing use of threat intelligence platforms. Usage of these technologies has surged by 49% since 2024, reflecting a broader industry shift toward data-driven, proactive defense strategies that leverage real-time analytics to detect and neutralize evolving threats.

Consolidated Platforms Boost Efficiency and Protection

The report also identifies vendor consolidation as a key indicator of cybersecurity maturity. In 2025, 78% of organizations rely on just one to four OT vendors, streamlining complexity and improving operational efficiency. Many of these organizations have adopted platform-based security architectures, such as the Fortinet OT Security Platform, to unify threat detection, policy enforcement, and incident response capabilities across distributed environments.

Organizations that implemented such platforms reported a 93% reduction in cyber incidents compared to flat network architectures. They also experienced a sevenfold improvement in operational performance, which they attributed to faster triage, configuration, and incident resolution.

Maturing Toward IT/OT SecOps

The report reinforces the urgent need for tight integration between IT and OT security strategies. Key recommendations include establishing end-to-end visibility over OT networks, applying compensating controls for vulnerable assets, implementing network segmentation aligned with international standards such as ISA/IEC 62443, and deploying AI-driven, OT-specific threat intelligence for real-time risk mitigation.

By embedding OT into broader Security Operations (SecOps) and incident response plans, organizations can build a more comprehensive and resilient security posture. These strategies also promote better collaboration between IT and OT teams and enable faster, more informed decision-making at the executive level.

Securing OT is no longer optional. It is foundational to business resilience. Organizations must empower executive leadership, streamline cybersecurity architectures, and unify their OT and IT security postures to meet the evolving demands of today’s threat landscape.