Almost 38% of reported casesoriginated from ransomware attacks andmore than 40% resulted in operational downtime
Dubai, United Arab Emirates. – December 22, 2025 –OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, hasannounced findings from the SANS Institute’sThe State of ICS/OT Cybersecurity 2025reportsponsored by OPSWAT. It reveals that in the past year:
Matt Wiseman, Director of Product Marketing at OPSWAT
- 21.5% of organizations experienced a cyber incident affecting their industrial control system (ICS)/operational technology (OT).
- 37.9% of those incidents originated from ransomware attacks, and
- 40.3% resulted in operational downtime.
The survey, based on responses from more than 330 professionals across critical sectors, highlightsboth progress and persistent blind spots in areas such as asset visibility, secure remote access, and incident response readiness as these additional key resultsindicate:
- Half of ICS/OT incidents began with unauthorized external access, often through third-party remote maintenance.
- But only fewer than 15% of organizations have advanced remote access controls.
- 12.6% report full ICS Kill Chain visibility, leaving critical detection gaps at Purdue Levels 2–3.
- Just 14% of respondents felt fully prepared for emerging threats.
“This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments,” said Jason Christopher, SANS Institute, author of the report. “Organizations must prioritize visibility and segmentation to mitigate these risks effectively.”
“Our earlier research with the SANS Instituteshowed that most organizations dedicate less than 25% of their security budgets to OT,” said Matt Wiseman, Director of Product Marketing at OPSWAT. “The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.”
Download the report to access the full findings and learn how to build a resilient ICS/OT security posture.
– ENDS –
About OPSWAT
For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a “Trust no file. Trust no device.™” philosophy, OPSWAT solves customers’ challenges around the world with solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit http://www.opswat.com.
