Report: Industry Overconfident on OT Security
A new global report finds that industrial organizations are overestimating the security of their remote access systems. The 2026 "State of Industrial Remote Access" report reveals significant visibility gaps and rising risks from third-party vendors connecting to operational technology (OT).
The financial stakes in operational technology (OT) are escalating, with the average cost of a data breach in the industrial sector hitting $5.56 million in 2024, an 18% increase from the previous year. Some manufacturing plant shutdowns can result in losses of up to $125,000 per hour. The global financial risk from OT cyber incidents is estimated to be as high as $329.5 billion when considering indirect losses from cascading system failures. Recent attacks highlight the vulnerability of critical infrastructure. In late 2023 and early 2024, cyber actors affiliated with Iran and Russia successfully manipulated industrial control systems in several U.S. water and wastewater facilities by exploiting public-facing control interfaces. These incidents, which involved tampering with water pumps and alarms, underscore the potential for remote attacks to cause physical disruption. Third-party vendors represent a rapidly growing attack vector. In 2025, breaches involving a third party doubled to account for nearly 30% of all data breaches. A 2026 report found that in 2025, there was an average of 5.28 downstream victims for every third-party breach. The 2020 SolarWinds attack, where hackers compromised software updates for a widely used IT management product, remains a stark reminder of how a single vendor breach can impact thousands of organizations, including critical infrastructure. A significant "confidence-to-evidence gap" persists within the industry. While many organizations express confidence in their security, only about 12.6% report having full visibility across their entire industrial control system kill chain. This lack of visibility is critical as the number of internet-exposed ICS devices saw a 40% increase between 2024 and 2025. In response to these mounting threats, the market for industrial secure remote access is projected to grow from $3.27 billion in 2025 to $6.09 billion by 2030. This growth is driven by the urgent need for solutions that can provide secure connectivity for remote maintenance and monitoring. Concurrently, there is an increasing adoption of frameworks like the NIST Cybersecurity Framework to help organizations better identify and mitigate risks to their industrial control systems.
