SANS Institute, in partnership with OPSWAT, announced the findings of the 2025 ICS/OT Cybersecurity Budget Report, revealing significant gaps in cybersecurity budgets and a surge in ICS/OT-focused attacks. The report highlights how insufficient funding, misaligned priorities, and fragmented defenses are leaving critical infrastructure exposed to increasingly sophisticated threats.
While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience. This imbalance, combined with the convergence of IT and OT environments, creates new vulnerabilities adversaries are exploiting at an alarming rate.
Key Findings from the Report:
- Critical Infrastructure Under Attack: Over the past year, more than 50% of organizations experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited were internet-accessible devices (33%) and transient devices (27%), often used to bypass traditional defenses.
- Budget Gaps Leave ICS/OT at Risk: Despite growing recognition of OT cybersecurity as a priority, only 27% of organizations place budgetary control under CISOs or CSOs. Without dedicated leadership, budget allocation often overlooks critical ICS/OT-specific needs, exposing infrastructure to evolving threats.
- IT as a Primary Attack Vector: The report identifies IT compromises as the most common entry point, responsible for 58% of ICS/OT incidents. This highlights the urgent need for integrated security strategies that address cross-domain vulnerabilities.
- Insufficient Budgets for ICS/OT Security: Many organizations continue to underfund ICS/OT-specific protections. Less than half allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure, leaving systems exposed to attacks.
Prioritizing Budget and Workforce Investments
The 2025 ICS/OT Cybersecurity Budget Report stresses the need for organizations to rethink their cybersecurity strategies:
- Allocating proper budgets to ICS/OT defenses: devices and endpoints
- Strengthening defenses against cross-domain attacks
- Ensuring cybersecurity leadership oversees budget decisions to align spending with operational risk
Dean Parsons, Principal Instructor and CEO and Principal Consultant of ICS Defense Force, stated, "The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks.
One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organization, the ICS is the business.
Organizations that fail to reevaluate their threats to their ICS environments leave critical infrastructure vulnerable to increasingly sophisticated attacks. Protecting these engineering systems isn't optional-it's essential for operational resilience and national security."
Download the full report to understand the critical benchmarks for securing ICS/OT environments and how your organization can better prepare for the future.