The security of Operational Technology (OT) environments is evolving rapidly, but increased industrial connectivity, integration between IT and OT, and the digitalization of operations are expanding the attack surface and forcing organizations to strengthen their cybersecurity strategy.
This is reflected in Fortinet’s Global State of Operational Technology and Cybersecurity 2026 report, prepared from a survey of more than 700 operational technology managers around the world.
71% of companies detected between one and nine security intrusions during the last year
The study shows a more mature market and aware of its deficiencies, although important issues still persist in aspects such as visibility, network segmentation, secure remote access and the ability to respond to security incidents.
The most relevant data in the report
- 60% of organizations place the ultimate responsibility for OT cybersecurity in the CISO, consolidating industrial security as a strategic issue that transcends the operations and engineering departments. Additionally, 81% of companies that have not yet done so plan to shift this responsibility to the CISO over the next year.
- Organizations are now more realistic about their level of maturity. The percentage of companies that assessed themselves at the highest level of maturity fell from 49% to 17%, which reflects a more rigorous evaluation of their capabilities and not necessarily a setback in security.
- 71% of companies detected between one and nine intrusions during the last year, compared to 47% registered in 2025. According to Fortinet, this increase is mainly due to an improvement in detection and visibility capabilities, rather than an actual increase in attacks.
- Only 24% of organizations suffered simultaneous intrusions in IT and OT environments, compared to 60% the previous year, which points to a significant improvement in segmentation between both environments.
- Phishing continues to be the most frequent threat, present in 76% of incidents, while ransomware continues to affect 50% of organizations, remaining one of the main risks to operational continuity.
- 89% of OT managers expect an increase in regulatory demands in the next five years, reflecting the growing importance of industrial cybersecurity for the protection of critical infrastructure and business continuity.
- Visibility is improving, but significant gaps remain: the percentage of organizations with complete visibility of their OT environments rose from 5% to 14%, although almost a quarter acknowledge that they only have control over about half of their industrial assets.
- The modernization of industrial systems is advancing. 40% of organizations already operate with ICS systems less than five years old, double the number in 2025. However, this modernization increases connectivity and requires incorporating security from the design of the infrastructure.
Conclusions of the report
The report concludes that OT security is entering a new stage of maturity. Organizations have greater visibility, evaluate their capabilities more realistically and place industrial cybersecurity among the priorities of senior management. However, risk continues to increase due to the increasing interconnectedness of industrial and business environments.
Fortinet identifies five priorities to accelerate OT security maturity:
- Segment and microsegment IT and OT networks.
- Implement secure remote access for suppliers and third parties.
- Integrate OT environments into security operations and incident response plans.
- Incorporate threat intelligence specific to industrial systems.
- Adopt an integrated platform that unifies visibility, control and response.
Ultimately, OT cybersecurity can no longer be addressed using isolated tools or independent teams. Protecting industrial environments requires an integrated strategy that combines people, processes and technology, and that involves both IT and OT areas under the same corporate governance.
