The recent Global Industrial Cybersecurity Benchmark 2025 by Takepoint Research, sponsored by Forescout, revealed an overconfidence in critical infrastructure security. Notably, the research found that 44% of industrial organisations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat detection capabilities. Additionally, it was reported that a third of organisations take more than 90 days to remediate threats.
The Industrial Cybersecurity Benchmark 2025 surveyed 236 operational technology and automation leaders to identify their key challenges, maturity gaps and strategic priorities as risks to industrial organisations rise. Rapid digitalisation has increased connectivity across devices, transforming industrial environments, which in turn increases cyber risk. Rising geopolitical tensions further compound these challenges, demanding more nuanced, strategic and integrated security approaches to protect critical assets while maintaining operations.
“Industrial leaders tell us that they’re under intense pressure to modernise operations while still relying on fragmented and outdated security technologies,” said Jonathon Gordon, Directing Analyst at Takepoint Research. “They recognise that incremental fixes aren’t enough — they need a unified security strategy that bridges IT and OT, backed by executive support and driven by automation.”
Supply chain threats are top security concern
Far exceeding concerns surrounding nation-state actors and zero day vulnerabilities, 50% of organisations claim their top concern is supply chain threats and cybercriminal activity. This is unsurprising given recent high profile supply chain attacks, including the 2024 Snowflake incident that affected Santander, Ticketmaster and other vendors. This reflects a focus on tangible, near-term disruptions, rather than protection against long-term strategic risks that may be harder to detect but equally damaging over time.
OT cybersecurity maturity increases
The report found that most organisations are in early stages of OT cybersecurity maturity. Only 17% of organisations report mature OT security practices, while 64% classify their maturity as foundational, characterised by manual processes and fragmented visibility and compensating controls. An additional 19% identify their cybersecurity maturity as evolving.
Prolonged risks exposed through remediation timelines
According to the findings, over 33% of organisations take more than 90 days to remediate threats and 63% take over 30 days. This can be due to insufficient metrics tracking, industrial maintenance constraints and a lack of automation to streamline response workflows.
Challenges surrounding widespread tool sprawl and fragmentation remain
It was stated that 57% of organisations deploy more than three tools to monitor IT, OT and IoT environments. This can result in risk from blind spots, alert fatigue, inconsistent insights and increased operational complexity being heightened.
Critical security tasks were recognised as being manual and time-intensive
Nearly half of organisations cite vulnerability prioritisation (49%) and risk mitigation (44%) as the most laborious tasks. Limited staffing and heavy manual workflows further exacerbate these challenges.
Christina Hoefer, Vice President of OT/ IoT Vertical and Strategy at Forescout said: “Low confidence in OT and IoT threat detection is a warning signal, not just a statistic. For industrial organisations managing complex, high-stakes environments, improving detection means visibility across all devices, monitoring OT networks and strategically investing in security controls that respect operational needs to reduce risks and enable effective incident response.”
