IT Brief US - Technology news for CIOs & IT decision-makers
Critical infrastructure sees 91% OT breach rate in 18 months

Nearly all critical infrastructure organisations worldwide have experienced at least one operational technology (OT) breach in the last 18 months, according to a new global study conducted by Forrester Consulting and commissioned by Schneider Electric.

The study surveyed over 250 security decision-makers across key sectors managing critical infrastructure, revealing that 91% reported an OT breach or failure during the period despite existing security controls. The consequences included service interruptions for 51% of respondents, revenue loss for 49%, and reputational harm for 53%.

Among those affected, approximately one third endured between four and six breaches, while 11% suffered seven to ten incidents within the same timeframe. The study noted a significant level of concern among decision-makers, with seven in ten expressing doubts about their organisation's ability to protect itself and six in ten questioning their capacity to detect OT cyberattacks.

OT security shortfalls

One of the critical gaps identified by the research is the continued reliance on traditional information technology (IT) security practices for OT environments; 51% of participants reported continuing this approach. Only 40% of organisations had round-the-clock monitoring for OT-specific cyber threats, a gap that raises exposure to increasingly sophisticated attacks on legacy and complex systems.

These challenges have developed amid stricter cybersecurity regulations and heightened activity from threat actors targeting essential services globally. The study underscores the growing urgency for organisations to move from reactive cyber defences to more proactive, resilient strategies tailored to the unique needs of OT environments.

Secure by Operations strategy

Schneider Electric's 'Secure by Operations' framework emerged as one of the principal recommendations in the study. This approach emphasises incorporating cybersecurity measures into the deployment, maintenance, and ongoing management of mixed-technology operational environments, rather than relying solely on product design or traditional IT practices.

The report found that 75% of the surveyed organisations agreed that adopting 'Secure by Operations' is likely to be instrumental in mitigating future OT cyberattacks. Organisations that have put the approach into practice reported notable results: a 53% reduction in recovery time from incidents and a 51% drop in capital expenditure related to OT cybersecurity.

Further, around half of respondents identified additional benefits such as improvements in company reputation (50%), greater operational efficiency (45%), and stronger regulatory compliance (44%).

The role of external expertise

Jay Abdallah, President, Cybersecurity Solutions, Schneider Electric, said, "These figures show that while cybersecurity risk is well recognised, the pace of action to mitigate it must accelerate. Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability."
"To close the widening OT cybersecurity gap, organisations must combine internal capabilities with external partnerships that bring specialised, operationally aware expertise. Securing the effective integration between IT and OT environments is critical - not only to strengthen an organisation's security posture, but also to drive industrial competitiveness by enabling smarter, more efficient operations."

The study also pointed to the need for continuous oversight and clear division of responsibility between technology providers, integrators, and asset owners. While 'Secure by Design' principles offer a foundation, the report argued that secure deployment guidelines, configurations, and post-deployment maintenance following 'Secure by Operations' best practices are essential to effective long-term protection.

Moving forward

As cyberattackers adapt their techniques and regulations become more stringent, the study suggests that resilient, proactively managed cybersecurity, embedded across the operational lifecycle, will be essential for critical infrastructure operators seeking to reduce risk, lower costs, and preserve trust.