A newly commissioned global study of over 250 global Operational Technology (OT) critical infrastructure security decision makers, conducted by Forrester Consulting on behalf of Schneider Electric, shows that 91% of global organisations experienced at least one OT breach or failure in the past 18 months, even with security measures in place. These incidents led to service interruptions (51%), revenue loss (49%), and reputational damage (53%).
Roughly seven in 10 global critical infrastructure security decision makers said they were concerned about their ability to protect their organisation, while six in 10 questioned their capabilities to detect an OT cyber attack.
The study highlights a critical gap: 51% still rely on traditional information technology (IT) practices to secure OT environments and only 40% have 24/7 monitoring in place for OT cyber threats.
Other key findings suggest that implementing ‘Secure by Operations’ principles – the practice of embedding cybersecurity into complex, mixed-technology operational environments with an emphasis on proactive, continuous cybersecurity post-deployment – could significantly improve OT security for critical infrastructure:
- 75% of respondents agree that ‘Secure by Operations’ strategies are likely instrumental in mitigating future OT cyber attacks
- Organisations that have adopted these principles report up to 53% faster recovery time and a 51% reduction in capital expenditure
- Nearly half of respondents indicate potential gains in company reputation (50%), operational efficiency (45%), and regulatory compliance (44%)
The study points out that many critical infrastructure operations teams lack the strategy and solution capabilities needed to protect their OT environments. Managed security service providers (MSSPs) can help organisations augment their current security practices by providing solution capabilities, staffing, and expertise needed for securing and monitoring OT environments, maintaining compliance, and managing response and recovery services.
“These figures show that while cybersecurity risk is well recognised, the pace of action to mitigate it must accelerate,” stated Jay Abdallah, President, Cybersecurity Solutions, Schneider Electric. “Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability. To close the widening OT cybersecurity gap, organisations must combine internal capabilities with external partnerships that bring specialised, operationally aware expertise.
“Securing the effective integration between IT and OT environments is critical – not only to strengthen an organisation’s security posture, but also to drive industrial competitiveness by enabling smarter, more efficientoperations.”
As the threat landscape evolves, ‘Secure by Design‘ principles must be supported by secure deployment guidelines and configurations when integrating technology into end-user environments. Ongoing maintenance and oversight throughout the technology lifecycle should follow ‘Secure by Operations’ practices.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
