While OT Security Is Maturing, Risk Is Not Slowing Down
Fortinet’s 2026 State of OT and Cybersecurity Report shows why visibility, segmentation, and integrated security remain essential.
Over the past several years, operational technology (OT) security has evolved from a niche concern into a board-level priority. Industrial organisations now depend on interconnected systems, remote access, cloud analytics, and converged IT and OT environments to keep operations running.
While this connectivity improves efficiency and resilience, it also expands the attack surface for cybercriminals, ransomware operators, and nation-state adversaries.
The 2026 Fortinet State of Operational Technology and Cybersecurity Report reveals that organisations are taking these risks more seriously. Based on a global survey of more than 700 OT professionals, the report highlights a market that is becoming more realistic about cybersecurity maturity, more aware of intrusions, and more focused on regulatory compliance.
Many organisations are making meaningful progress. However, maturity levels still vary widely. As a result, many OT environments continue to struggle with visibility, segmentation, secure remote access, incident response, and standardised security architectures.
OT Security Responsibility Remains a C-Suite Issue
One of the strongest indicators of OT security maturity is the growing involvement of executive leadership.
Sixty per cent of respondents said the chief information security officer (CISO) holds ultimate responsibility for OT cybersecurity. Although this figure declined from 69 per cent in 2025, the change does not necessarily signal reduced executive engagement.
Instead, the report suggests that some organisations have matured enough to distribute OT risk ownership across multiple senior leaders after executives established governance structures, budgets, and strategic direction.
Meanwhile, 81 per cent of respondents expect to place OT cybersecurity under the CISO within the next year. That figure increased slightly from 80 per cent in 2025.
The message is clear. OT risk no longer belongs solely to plant operations or engineering teams. Today, organisations must manage OT cybersecurity through collaboration between security, operations, compliance, risk management, and executive leadership.
Maturity Ratings Are Becoming More Realistic
The report highlights a significant shift in how organisations evaluate OT cybersecurity maturity.
In previous years, many respondents rated their programmes highly. However, as organisations improved visibility, deployed additional security tools, and increased collaboration between IT and OT teams, they gained a clearer understanding of their remaining gaps.
The data reflects that change.
Respondents reporting Level 0 maturity, which represents undocumented or disorganised cybersecurity processes, increased from one per cent in 2025 to five per cent in 2026. Level 1 rose from five per cent to 17 per cent, while Level 2 increased from 13 per cent to 27 per cent.
At the same time, Level 4 maturity dropped sharply from 49 per cent to 17 per cent.
At first glance, this trend may appear negative. In reality, it reflects a more honest assessment of risk. As organisations improve visibility and strengthen governance, they often uncover weaknesses that previously remained hidden.
The same trend appears in OT security solution maturity. Level 4 adoption fell from 19 per cent to 14 per cent, while Levels 0 and 1 increased.
As a result, many organisations remain focused on establishing core OT security capabilities, including asset visibility, network segmentation, secure remote access, monitoring, and response.
Intrusions Are Being Detected More Often
The report also reveals a notable shift in intrusion reporting.
Seventy-one per cent of respondents reported between one and nine intrusions, compared with 47 per cent in the previous year. Meanwhile, organisations reporting more than 10 intrusions remained steady at two per cent.
This trend does not automatically mean attacks have increased.
Instead, it suggests that organisations now detect more activity inside their environments. In OT security, a lack of detected intrusions often reflects limited visibility rather than a lack of attacks.
As detection capabilities improve, reported incidents often increase before overall risk decreases.
The report also contains encouraging findings.
Only 24 per cent of respondents reported intrusions affecting both IT and OT systems. That figure fell significantly from 60 per cent in 2025 and marks the lowest level since 2022.
This improvement likely reflects stronger network segmentation between IT and OT environments.
However, the threat landscape remains challenging.
Phishing remains the most common intrusion vector at 76 per cent. Meanwhile, ransomware continues to pose a major threat at 50 per cent.
Although ransomware declined slightly from 54 per cent in 2025, organisations still view it as a critical risk because of its potential impact on production, safety, revenue, and critical infrastructure.
Dwell Time Remains a Warning Sign
Attacker dwell time remains one of the most important cybersecurity metrics.
The longer attackers remain undetected, the more opportunities they have to conduct reconnaissance, steal sensitive data, launch ransomware, disrupt operations, or establish long-term persistence.
The 2026 report shows that longer dwell times, measured in weeks and months, have increased.
This trend raises concerns for OT environments because industrial systems often rely on legacy technologies, specialised protocols, and uptime requirements that can complicate rapid response efforts.
Reducing dwell time requires more than basic monitoring.
Organisations need OT-specific visibility, threat intelligence, network segmentation, secure remote access controls, and incident response plans that account for safety, operational continuity, and production requirements.
Regulatory Pressure Is Accelerating
OT leaders expect a more demanding regulatory environment.
Eighty-nine per cent of respondents anticipate increased regulation within five years or less. That figure represents a significant increase from 66 per cent in 2025.
The report also shows a 20-point rise in respondents expecting new regulations within two to five years instead of beyond five years.
This shift matters because governments increasingly link OT cybersecurity to critical infrastructure protection, incident reporting, public safety, business continuity, and data security requirements.
Regulation is no longer a future concern. It is becoming an operational reality.
Organisations that act now can use compliance initiatives to strengthen resilience, improve reporting, reduce risk, and modernise security operations.
Visibility Is Improving, but Gaps Remain
Visibility remains the foundation of effective OT security.
Without a clear understanding of assets, users, applications, communication flows, and system dependencies, organisations cannot segment networks effectively or prioritise incident response.
The report shows measurable progress.
The percentage of organisations reporting full visibility across OT environments increased from five per cent in 2025 to 14 per cent in 2026.
Even so, significant gaps remain.
Approximately 23 per cent of respondents reported visibility into only half of their OT environment.
As a result, many security teams continue to defend systems without complete situational awareness.
Modernisation Is Changing the OT Landscape
Industrial organisations continue to modernise their operational environments.
Forty per cent of respondents reported using industrial control systems (ICS) that are less than five years old. That figure doubled from 20 per cent in 2025.
Modernisation can improve reliability, performance, and security.
However, new technologies also introduce additional connectivity, cloud integration, remote access requirements, and data-sharing capabilities.
Therefore, organisations should integrate security into modernisation initiatives from the beginning rather than treating it as an afterthought.
For organisations operating legacy systems, the report reinforces the importance of disciplined patching, compensating controls, continuous monitoring, and strong network segmentation.
Cost Pressure Is Shaping Security Decisions
The report also highlights changing business priorities.
By 2026, cost reduction and cost avoidance became the primary cybersecurity metrics tracked by many organisations. Productivity improvements also remained a major focus.
This trend is understandable because OT leaders must justify cybersecurity investments.
However, organisations should avoid prioritising short-term savings over resilience.
In OT environments, underinvestment can lead to operational downtime, compliance failures, safety incidents, revenue losses, and physical disruptions.
Ultimately, the strongest business case for OT security centres on operational continuity rather than cost reduction alone.
Five Practices That Can Accelerate OT Security Maturity
The report concludes with several practical recommendations:
1. Segment and Microsegment IT and OT Networks
Limit lateral movement and reduce the impact of cyberattacks through effective network segmentation.
2. Deploy Secure Remote Access
Support vendors and third parties with secure access controls instead of broad, persistent connectivity.
3. Integrate OT Into Incident Response Planning
Ensure response teams can manage cyber incidents while maintaining production and safety requirements.
4. Invest in OT-Specific Threat Intelligence
Use threat intelligence that focuses on industrial protocols, sector-specific threats, and OT asset behaviour.
5. Adopt a Platform-Based Security Approach
Simplify operations, improve visibility, centralise management, and enable faster response through integrated security platforms.
These recommendations reinforce a common theme. Organisations cannot solve OT cybersecurity challenges with isolated tools or disconnected teams. Instead, they need a unified strategy that aligns people, processes, and technology across both IT and OT environments.
Conclusion
The 2026 State of Operational Technology and Cybersecurity Report highlights a market undergoing significant change.
While organisations continue to improve OT security maturity, the threat landscape continues to evolve. Ransomware, phishing, long dwell times, visibility gaps, and fragmented architectures remain persistent challenges.
Fortunately, organisations are improving visibility, conducting more realistic maturity assessments, preparing for regulatory requirements, and investing in stronger security capabilities.
To learn more, download the full report and explore the survey findings, maturity benchmarks, and practical recommendations for securing today’s increasingly interconnected industrial environments.
For the full report, please see here.
Stay Informed With Cyber News Live
Cyber threats are constantly evolving, and staying informed is critical to protecting your organisation.
Follow Cyber News Live for the latest cybersecurity news, threat intelligence, expert analysis, and practical guidance to help strengthen your cyber defences.