Critical Infrastructure at Risk: ICS/OT Cybersecurity Budgets Fall Behind as Attacks Increase
A new collaborative report from SANS Institute and OPSWAT has uncovered a troubling disconnect between industrial cybersecurity threats and organizational spending priorities. The 2025 ICS/OT Cybersecurity Budget Report highlights how insufficient funding and misaligned priorities are creating dangerous vulnerabilities in critical infrastructure systems precisely when attacks are increasing.
The research paints a concerning picture of security within critical infrastructure environments. More than half of surveyed organizations showed evidence of security breaches, with 27% explicitly confirming incidents. Another 19.9% declined to respond due to company policies, while 11% were uncertain whether breaches had occurred—suggesting actual incident rates may be substantially higher than officially acknowledged.
Internet-accessible devices proved to be the most vulnerable attack surface, accounting for 33% of exploited vulnerabilities. Transient devices followed closely at 27%, with both categories frequently bypassing traditional security controls.
Despite the growing recognition of operational technology security risks, only 27% of organizations place budgetary control under the authority of CISOs or CSOs. This leadership gap creates funding allocation problems that often overlook specialized ICS/OT security requirements.
The financial commitments reflect this misalignment. Fewer than half of organizations allocate just 25% of their cybersecurity budgets toward protecting critical infrastructure systems, despite these environments facing increasingly sophisticated threats.
One of the report’s most significant findings is that IT compromises serve as the primary entry point for 58% of ICS/OT security incidents. This statistic underscores the urgent need for integrated security approaches that address vulnerabilities across converged environments.
While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, investments remain heavily skewed toward technology acquisitions rather than operational resilience—creating an imbalance that attackers continue to exploit.
The report emphasizes several priorities for organizations looking to strengthen their industrial cybersecurity stance:
As threats to critical infrastructure continue to evolve, the report serves as a wake-up call for organizations to reconsider their funding priorities and defensive strategies before more serious incidents occur.