
Tosi, a leading provider of cyber-physical solutions for the OT environment, and based out of Oulu, Finland and Irving, Texas, recently unveiled their 2026 State of OT Security Report. Among other findings, it shows that manufacturing is the only industry where U.S. companies trail their European counterparts in OT security maturity.
Losing with a score of 31.2 versus 34.7 on a 50-point scale, the gap is seen as arising from remote access, where U.S. organizations score just 4.7 compared to 6.7 in Europe. According to the report, U.S. manufacturing respondents still rely on open ports or shared VPN credentials to provide remote OT access, leaving their systems vulnerable.
“The data tells a clear story: the gap in U.S. manufacturing OT security is not a tools gap, it is a process and enforcement gap” said Sakari Suhonen, CEO of Tosi U.S. “Most organizations have technology in place. What is missing is operational ownership. Someone needs to be responsible for who gets into the plant floor, when, and for how long.
"The latest cyberattacks and federal advisory confirmed what our research already showed. The door was open. The question now is whether manufacturers will close it before the next incident does it for them.”
The report also reveals that U.S. manufacturing organizations manage internal OT traffic reasonably well, but struggle at the boundary between IT and OT networks, the point where corporate systems meet the plant floor. That boundary is where the exposure lives.
To make matters worse, the ability to revoke or remove vendor access also scores low, meaning that even organizations with some form of vendor access controls in place cannot cleanly enforce them. The tools to fix this exist. The gap is not technological, it is operational.
Beyond remote access, the report covered four other capability areas, three of which European companies outperform their American counterparts:
- Threat detection is the strongest capability globally at 7.3 out of 10 (6.7 in the U.S. and 7.5 in Europe), indicating that manufacturers have invested in monitoring and anomaly detection more than in other areas.
- Network segmentation scores 7.0 globally (6.8 in the U.S. and 6.9 in Europe), meaning most manufacturers have established some boundary between IT and OT environments. However, enforcement and east-west traffic controls inside the OT environment remain less mature globally.
- Asset visibility is the relative gap in Europe at 6.7 out of 10 (6.8 in the U.S., 6.8 globally). While asset tracking tools are in use, many organizations still rely on periodic rather than automated discovery, leaving gaps in real-time inventory coverage.
- Multi-site deployment scores 6.2 in the U.S. (6.9 in Europe, 6.7 globally), the lowest regional score in this category. Deploying secure connectivity to new facilities and maintaining unified visibility across sites remains a persistent operational challenge.
The full overview of the U.S. part of the report containing a detailed description of scores per capability is available here.






















