- Nine in ten critical infrastructure organisations hit by OT attacks in the past 18 months
- One-third of those suffered 4-6 attacks in the last 18 months due to limited visibility and capabilities
- 11% experienced between 7-10 breaches despite existing security measures
A newly commissioned global study of over 250 Operational Technology (OT) critical infrastructure security decision-makers[1], conducted by Forrester Consulting on behalf of Schneider Electric, reveals that 91% of global organizations experienced at least one OT breach or failure in the past 18 months, even with security measures in place. These incidents led to service interruptions (51%), revenue loss (49%), and reputational damage (53%).
Roughly seven in ten global critical infrastructure security decision-makers said they were concerned about their ability to protect their organisation; six in ten questioned their capabilities to detect an OT cyberattack.
The study highlights a critical gap: 51% still rely on traditional information technology (IT) practices to secure OT environments and only 40% have 24/7 monitoring in place for OT cyber threats.
Other key findings suggest that implementing ‘Secure by Operations’ principles[2] – the practice of embedding cybersecurity into complex, mixed-technology operational environments with an emphasis on proactive, continuous cybersecurity post-deployment – could significantly improve OT security for critical infrastructure:
- 75% of respondents agree that ‘Secure by Operations’ strategies are likely instrumental in mitigating future OT cyberattacks.
- Organisations that have adopted these principles report up to 53% faster recovery time and a 51% reduction in capital expenditure (CapEx).
- Nearly half of respondents indicate potential gains in company reputation (50%), operational efficiency (45%), and regulatory compliance (44%).
The study points out that many critical infrastructure operations teams lack the strategy and solution capabilities needed to protect their OT environments. Managed security service providers (MSSPs) can help organisations augment their current security practices by providing solution capabilities, staffing, and expertise needed for securing and monitoring OT environments, maintaining compliance, and managing response and recovery services.
Jay Abdallah, President, Cybersecurity Solutions, Schneider Electric, commented: “These figures show that while cybersecurity risk is well recognized, the pace of action to mitigate it must accelerate. Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability. To close the widening OT cybersecurity gap, organizations must combine internal capabilities with external partnerships that bring specialised, operationally aware expertise. Securing the effective integration between IT and OT environments is critical – not only to strengthen an organisation’s security posture, but also to drive industrial competitiveness by enabling smarter, more efficient operations.”
As the threat landscape evolves, ‘Secure by Design’ principles must be supported by secure deployment guidelines and configurations when integrating technology into end-user environments. Ongoing maintenance and oversight throughout the technology lifecycle should follow ‘Secure by Operations’ practices.
Sources:
[1] This commissioned study of 262 global OT critical infrastructure security decision-makers was conducted by Forrester Consulting on behalf of Schneider, beginning in April 2025, and surveyed security leaders across North America, EMEA, APAC, and South America. The study was completed in June and first released in September 2025. Industries represented include critical infrastructure operators, asset owners, OEMs and government authorities.
[2] ‘Secure by Operations’ is the practice of implementing cybersecurity into complex, mixed-technology operational environments. It goes beyond the protections offered by technology vendors through ‘Secure by Design’ principles by focusing on secure implementation, configuration, and ongoing maintenance, with clearly defined responsibilities for technology providers, system integrators, and asset owners.