SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Cybersecurity
#
Security vulnerabilities
#
Report

Rising ICS/OT cyber threats due to budgetary imbalances

Today
Author image
By Catherine Knowles, Journalist

A report by SANS Institute and OPSWAT highlights significant gaps in cybersecurity budgets while incidents involving ICS/OT systems continue to increase.

The findings of the 2025 ICS/OT Cybersecurity Budget Report indicate that while 55% of organisations have increased their ICS/OT cybersecurity budgets over the past two years, there remains an imbalance with the focus primarily on technology rather than on operational resilience. This imbalance, as per the report, is a result of the convergence of IT and OT environments, leading to new vulnerabilities.

The report presents alarming statistics, noting that more than 50% of organisations experienced at least one security incident involving ICS/OT systems in the past year. Particular vulnerabilities that were predominantly exploited include internet-accessible devices (33%) and transient devices (27%), both of which are often utilised to bypass traditional defence mechanisms.

Despite a growing awareness of the importance of OT cybersecurity, only 27% of organisations place budgetary control under Chief Information Security Officers (CISOs) or Chief Security Officers (CSOs). The report warns that without dedicated leadership, crucial ICS/OT-specific needs are often overlooked in budget allocations, exposing infrastructure to evolving security threats.

The report identifies compromises in IT as the most frequent attack vector, accounting for 58% of ICS/OT security incidents. This underscores the necessity for integrated security strategies that address vulnerabilities across different domains.

Funding for ICS/OT-specific protections remains inadequate, with fewer than half of the companies allocating only 25% of their cybersecurity budgets towards safeguarding critical infrastructure. This underfunding leaves systems vulnerable to attacks.

Dean Parsons, Principal Instructor and CEO of ICS Defense Force, remarked, "The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks."

Parsons further pointed out a critical concern: "One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organisation, the ICS is the business."

He emphasised the necessity for organisations to reassess their approach to threats against their ICS environments. "Protecting these engineering systems isn't optional - it's essential for operational resilience and national security," Parsons stated.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
ManageEngine transforms Log360 into security analytics hub
Red Canary unveils cost-saving data storage enhancement
Cybersecurity & AI lead MSP growth in recent report
Okta surpasses $1 billion in AWS Marketplace sales
Dark web leak: 2.3 million bank cards exposed online
Top stories
Hackers exploit botnet to attack Microsoft 365 accounts
Advanced persistent threats rise by 74% in 2024 report
Arlo & SmartThings enhance home security partnership
Women in tech share insights ahead of International Women's Day
Jamf to acquire Identity Automation for $215 million