CISO “s and CSO” s are gaining more responsibility for OT security.
More organizations are shifting responsibility for operational technology (OT) security to executive-level managers. This is evident from the latest State of Operational Technology & Cybersecurity Report from Fortinet.
More Authority for CISOs and CSOs
According to Fortinet, the Chief Information Security Officer (CISO) or Chief Security Officer (CSO) is now responsible for OT security at 52 percent of organizations. In 2022, this percentage was only sixteen percent. The total share of organizations where OT security falls under the supervision of a C-level manager increased from 54 percent in 2022 to 95 percent this year. Looking ahead, 80 percent of companies want to place OT responsibility with the CISO.
This shift influences how organizations deal with cyber threats. Companies with a higher maturity level report revenue loss due to downtime less frequently. In 2024, 52 percent of companies experienced revenue loss after incidents; this year it’s 42 percent. Additionally, organizations that apply best practices, such as network segmentation and cyber hygiene training, are less often affected by phishing or business email compromise.
Adoption of Best Practices Increases
The report also points to a rising adoption of integrated security solutions. More companies are limiting the number of OT solution providers, which increases oversight and efficiency. About 78 percent work with a maximum of four vendors. The use of platform approaches and integrated security architectures is also growing, simplifying management and shortening incident response time.
Fortinet advises organizations to maintain visibility of all OT assets, segment networks, and explicitly include OT in incident response and security operations planning. Finally, the report recommends utilizing current threat intelligence and working with platforms that offer OT-specific security mechanisms.
The research was conducted among more than 550 OT professionals in various sectors worldwide, including manufacturing, transportation, energy, and healthcare.