The three OT cybersecurity controls most correlated with risk reduction are: Incident Response Planning (up to 18.5% average risk reduction), Defensible Architecture (up to 17.09%), ICS Network Visibility and Monitoring (up to 16.47%).

Indirect losses impact up to 70% of OT-related breaches.

87% of leaders at industrial organizations believe it is very or extremely important to integrate OT cybersecurity tools with industrial code management tools.

87% of leaders at industrial organizations believe it is very or extremely important to integrate OT cybersecurity tools with industrial code management tools.

8% of industrial organizations claim that nation-state actors are their top security concern.

50% of industrial organizations claim that supply chain threats and cybercriminal activity are their top security concern.

64% of industrial organizations classify their OT cybersecurity maturity as foundational.

9% of industrial organizations claim that zero-day vulnerabilities are their top security concern.

57% of industrial organizations deploy more than three tools to monitor IT, OT, and IoT environments.

Only 17% of industrial organizations report mature OT security practices.

44% of industrial organizations claim to have strong real-time cyber visibility.

Nearly 60% of industrial organizations have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat detection capabilities.

49% of industrial organizations cite vulnerability prioritization as the most laborious task.

44% of industrial organizations cite risk mitigation as the most laborious task

Over 33% of industrial organizations take more than 90 days to remediate threats.

63% of industrial organizations take over 30 days to remediate threats.

19% of industrial organizations identify their cybersecurity maturity as evolving.

8% of industrial organizations claim that nation-state actors are their top security concern.

9% of industrial organizations claim that zero-day vulnerabilities are their top security concern.

Top publicly exposed OT/ICS protocols observed in 2024 included Open Platform Communications Unified Architecture (OPC UA) – 43%, Distributed Network Protocol (DNP) – 22%, Niagara-Fox – 21%, Ethernet/IP – 10%, Modbus – 4%.