SANS Institute, the global leader in cybersecurity training and research, in partnership with OPSWAT, a global leader in critical infrastructure protection (CIP) solutions, announced the findings of the 2025 ICS/OT Cybersecurity Budget Report, revealing significant gaps in cybersecurity budgets and a surge in ICS/OT-focused attacks. The report highlights how insufficient funding, misaligned priorities, and fragmented defenses are leaving critical infrastructure exposed to increasingly sophisticated threats.
While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience. This imbalance, combined with the convergence of IT and OT environments, creates new vulnerabilities adversaries are exploiting at an alarming rate.
Key Findings from the Report:
- Critical Infrastructure Under Attack: Over the past year, more than 50% of organizations experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited were internet-accessible devices (33%) and transient devices (27%), often used to bypass traditional defenses.
- Budget Gaps Leave ICS/OT at Risk: Despite growing recognition of OT cybersecurity as a priority, only 27% of organizations place budgetary control under CISOs or CSOs. Without dedicated leadership, budget allocation often overlooks critical ICS/OT-specific needs, exposing infrastructure to evolving threats.
- IT as a Primary Attack Vector: The report identifies IT compromises as the most common entry point, responsible for 58% of ICS/OT incidents. This highlights the urgent need for integrated security strategies that address cross-domain vulnerabilities.
- Insufficient Budgets for ICS/OT Security: Many organizations continue to underfund ICS/OT-specific protections. Less than half allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure, leaving systems exposed to attacks.
Prioritizing Budget and Workforce Investments
The 2025 ICS/OT Cybersecurity Budget Report stresses the need for organizations to rethink their cybersecurity strategies:
- Allocating proper budgets to ICS/OT defenses: devices and endpoints
- Strengthening defenses against cross-domain attacks
- Ensuring cybersecurity leadership oversees budget decisions to align spending with operational risk
Dean Parsons, Principal Instructor and CEO and Principal Consultant of ICS Defense Force stated, “The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks. One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organization, the ICS is the business. Organizations that fail to reevaluate their threats to their ICS environments leave critical infrastructure vulnerable to increasingly sophisticated attacks. Protecting these engineering systems isn’t optional—it’s essential for operational resilience and national security.”
Download the full report to understand the critical benchmarks for securing ICS/OT environments and how your organization can better prepare for the future.
