
The SANS Institute, in collaboration with OPSWAT, has released the 2025 ICS/OT Cybersecurity Budget Report, highlighting major deficiencies in cybersecurity funding and a sharp increase in attacks targeting industrial control systems (ICS) and operational technology (OT). The report reveals that inadequate budgets, misaligned priorities, and fragmented security measures are leaving critical infrastructure vulnerable to increasingly advanced threats.
While 55% of organizations have increased their ICS/OT cybersecurity budgets in the past two years, much of the spending is concentrated on technology rather than operational resilience. This imbalance, combined with the merging of IT and OT environments, has created new vulnerabilities that threat actors are rapidly exploiting.
Key Insights from the Report:
- Rising Threats to Critical Infrastructure: Over the past year, more than half of the surveyed organizations faced at least one security incident affecting ICS/OT systems. The most frequently exploited vulnerabilities involved internet-facing devices (33%) and transient devices (27%), which are often used to evade conventional security measures.
- Budget Shortfalls Expose ICS/OT Systems: Despite increased awareness of OT cybersecurity risks, only 27% of organizations place budgetary control under cybersecurity leaders like CISOs or CSOs. This lack of dedicated oversight results in critical ICS/OT security needs being overlooked.
- IT as the Main Entry Point: IT compromises account for 58% of ICS/OT incidents, emphasizing the need for integrated security approaches that address vulnerabilities across both IT and OT domains.
- Underfunded ICS/OT Security: Fewer than half of organizations allocate even 25% of their cybersecurity budgets to protecting critical infrastructure, leaving essential systems vulnerable to attacks.
Prioritizing Investments in ICS/OT Security
The report urges organizations to revise their cybersecurity strategies by:
- Increasing budgets specifically for ICS/OT protections, including devices and endpoints
- Strengthening defenses against cross-domain attacks
- Ensuring cybersecurity leadership directs budget decisions to align spending with operational risks
Dean Parsons, CEO and Principal Consultant of ICS Defense Force, emphasized the need for strategic investment in ICS/OT-specific security training. He warned that focusing primarily on IT systems while neglecting ICS/OT environments leaves critical infrastructure exposed to increasingly sophisticated attacks. Parsons stressed that protecting these systems is not optional but essential for operational continuity and national security.
For a comprehensive understanding of ICS/OT security benchmarks and future preparedness, download the full report.
https://www.opswat.com/resources/reports/ics-ot-cybersecurity-budget