Report: Firms Overconfident in OT Security

A new global report on industrial remote access finds that organizations are overestimating the security of their operational technology (OT). The study highlights rising vendor risk and significant visibility gaps, prompting an accelerated shift toward unified OT access platforms.

The disconnect between confidence and reality in operational technology (OT) security is a growing concern, with a "confidence-to-evidence gap" being a key issue. While many organizations report high confidence in their regulatory readiness and session visibility, full auditability of vendor sessions remains a rarity. This discrepancy highlights a tendency to rely on perception rather than concrete evidence of security controls.

Third-party vendor access has become a primary risk multiplier in industrial environments. The likelihood of a security incident rises dramatically as the number of external vendors increases. Organizations that manage between 21 and 100 external vendors are reported to have the highest levels of risk exposure.

The financial consequences of OT breaches are substantial, with the potential for catastrophic cyber events to cause nearly $330 billion in losses annually. Business interruption alone could account for over $172 billion of that total. Real-world examples underscore this risk, such as the ransomware attack on MKS Instruments that resulted in $200 million in lost revenue and an additional $250 million loss for its supplier, Applied Materials.

Historically, many OT systems were designed for reliability and longevity, not cybersecurity, often running on outdated operating systems without current security updates. This legacy infrastructure, combined with the increasing convergence of IT and OT networks, has created a massive new attack surface. A significant 78% of OT ransomware incidents now start in the IT network before moving laterally into operational systems.

Recent high-profile attacks have demonstrated the real-world impact of these vulnerabilities. The Colonial Pipeline ransomware attack, for instance, led to the shutdown of the pipeline for five days, causing significant fuel shortages. In another case, a Chinese-linked hacking group known as Volt Typhoon was found to have been inside a US power utility's network for over 300 days, collecting sensitive OT data.

In response to these escalating threats, there is a clear trend toward vendor consolidation and the adoption of Zero Trust security models. Organizations with more mature OT security frameworks are reporting fewer severe incidents. For those with advanced systems, the number of attacks that lead to operational outages dropped from 52% to 42%.

The move towards unified, OT-specific platforms is driven by the need for stronger oversight and more predictable operations. Fragmented systems that rely on a mix of VPNs, OEM tools, and other solutions create visibility gaps that policies alone cannot fix. Centralized platforms, however, can improve auditability and create more consistent security protocols for remote access.

Looking ahead, the OT security market is projected to grow from $22.37 billion in 2025 to $35.23 billion by 2029. This growth is fueled by the increasing adoption of digital technologies in industrial settings and a greater emphasis on integrated security solutions that bridge the gap between IT and OT environments. The responsibility for OT security is also shifting, with 52% of organizations now placing it under the CISO, a significant increase from just 16% in 2022.
