We utilize artificial intelligence for site translations, and while we strive for accuracy, they may not always be 100% precise. Your understanding is appreciated.
Home/
Blog
/
New OPSWAT-Sponsored SANS Survey Reveals 21.5% of…
New OPSWAT-Sponsored SANS Survey Reveals 21.5% of Organizations Experienced an ICS/OT Cyber Incident in the Past Year
Almost 38% of reported cases originated from ransomware attacks and more than 40% resulted in operational downtime
by
OPSWAT
Share this Post
TAMPA, Fla. – Nov. 19, 2025 – OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, today announced findings from the SANS Institute’s The State of ICS/OT Cybersecurity 2025 report, sponsored by OPSWAT. It reveals that in the past year:
21.5% of organizations experienced a cyber incident affecting their industrial control system (ICS)/operational technology (OT).
37.9% of those incidents originated from ransomware attacks, and
40.3% resulted in operational downtime.
The survey, based on responses from more than 330 professionals across critical sectors, highlights both progress and persistent blind spots in areas such as asset visibility, secure remote access, and incident response readiness as these additional key results indicate:
Half of ICS/OT incidents began with unauthorized external access, often through third-party remote maintenance.
But only fewer than 15% of organizations have advanced remote access controls.
12.6% report full ICS Kill Chain visibility, leaving critical detection gaps at Purdue Levels 2–3.
Just 14% of respondents felt fully prepared for emerging threats.
This year’s findings show that while progress is being made, the industry still faces significant challenges in securing converged environments. Organizations must prioritize visibility and segmentation to mitigate these risks effectively.
Jason Christopher
SANS Institute
Our earlier research with the SANS Institute showed that most organizations dedicate less than 25% of their security budgets to OT. The new findings make it clear that increased spending alone is not enough. The priority now is smarter investment in the controls that matter most for safety and uptime: segmentation, secure remote access, and scanning inbound files and devices before they reach the operational environment. OT security requires an integrated approach that closes the gaps attackers continue to exploit.
For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a “Trust no file. Trust no device.™” philosophy, OPSWAT solves customers’ challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit www.opswat.com.
