A newly commissioned global study of Operational Technology (OT) critical infrastructure security decision-makers, conducted by Forrester Consulting on behalf of Schneider Electric, reveals that 91 percent of global organizations experienced at least one OT breach or failure in the past 18 months, even with security measures in place.
These incidents led to service interruptions (51 percent), revenue loss (49 percent), and reputational damage (53 percent). Roughly seven in ten global critical infrastructure security decision-makers said they were concerned about their ability to protect their organization; six in ten questioned their capabilities to detect an OT cyberattack.
The study highlights a critical gap: 51 percent still rely on traditional information technology (IT) practices to secure OT environments, and only 40 percent have 24/7 monitoring in place for OT cyber threats.
Other key findings suggest that implementing ‘Secure by Operations’ principles – the practice of embedding cybersecurity into complex, mixed-technology operational environments with an emphasis on proactive, continuous cybersecurity post-deployment – could significantly improve OT security for critical infrastructure:
- 75 percent of respondents agree that ‘Secure by Operations’ strategies are likely instrumental in mitigating future OT cyberattacks.
- Organizations that have adopted these principles report up to 53 percent faster recovery time and a 51 percent reduction in capital expenditure (CapEx).
- Nearly half of respondents indicate potential gains in company reputation (50 percent), operational efficiency (45 percent), and regulatory compliance (44 percent).
The study points out that many critical infrastructure operations teams lack the strategy and solution capabilities needed to protect their OT environments. Managed security service providers (MSSPs) could help organizations augment their current security practices by providing solution capabilities, staffing, and expertise needed for securing and monitoring OT environments, maintaining compliance, and managing response and recovery services.
Jay Abdallah, President, Cybersecurity Solutions at Schneider Electric offered the following comments. “These figures show that while cybersecurity risk is well recognized, the pace of action to mitigate it must accelerate. Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability.
"To close the widening OT cybersecurity gap, organizations must combine internal capabilities with external partnerships that bring specialized, operationally aware expertise. Securing the effective integration between IT and OT environments is critical - not only to strengthen an organization’s security posture, but also to drive industrial competitiveness by enabling smarter, more efficient operations."
