
The 2026 Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are becoming more diligent in addressing the increased number of risks being created by expanded levels of connectivity. The report also highlights a market that is increasingly realistic about OT cybersecurity maturity, more alert to intrusions, and more dedicated to meeting upcoming regulatory requirements.
The good news is that many organizations are making progress. The challenge, however, is that maturity levels vary, with many OT environments still facing major issues with visibility, segmentation, secure remote access, incident response, and standardized security architecture.
One of the clearest signs of OT security maturity over the past several years has been the elevation of OT cybersecurity responsibility to senior leadership. According to Fortinet, 60 percent of respondents reported that the CISO has ultimate responsibility for OT cybersecurity. That is down from 69 percent in 2025, but the shift does not necessarily indicate a decline in executive attention.
What the report suggests is that some organizations have matured sufficiently to transfer OT risk ownership to other senior leaders, following C-suite involvement in formalizing strategy, funding, and governance. Where responsibility has not already been elevated, 81 percent of respondents plan to assign OT cybersecurity to the CISO within the next year.
The takeaway is clear: OT risk is no longer the sole responsibility of plant operations or engineering teams. Instead, it now demands coordinated management involving security, operations, risk management, compliance and executive leadership. As OT security matures, the threat landscape is also becoming more complex.
Issues such as ransomware, phishing, extended dwell times, limited visibility, and fragmented security architectures continue to pose significant challenges. Fortunately, organizations are rapidly improving visibility, reassessing their maturity more honestly, preparing for regulation, and investing in more advanced security capabilities.
Industry stakeholders recently weighed in with their thoughts on both the gains that have been made and the challenges that remain.
Louis Eichenbaum, Federal CTO at ColorTokens
"OT environments rely heavily on HMIs and monitoring systems to give operators accurate situational awareness. If an adversary can compromise those systems and present false data, operators can be tricked into making dangerous decisions based on inaccurate information. In many OT environments such as water treatment facilities, pipelines, manufacturing plants, or energy infrastructure, false telemetry could have even more severe consequences.
"The larger issue is that many of these OT systems were never designed with cybersecurity in mind. This is exactly why the cybersecurity conversation must move beyond prevention alone. We are never going to patch fast enough or prevent every intrusion. The focus now must be on resilience.
"Granular microsegmentation and Zero Trust principles are essential in OT environments because they help contain breaches, restrict unauthorized communications, and reduce the blast radius when a compromise occurs. The goal is not simply to stop every attack, but to ensure that a localized intrusion does not become a catastrophic operational event."
John Gallagher, Vice President at Viakoo
"Cybersecurity threats are always evolving, as are the skills needed to combat them. Clearly the shift by malicious hackers to target OT devices has brought new requirements to manufacturing. As threats become more cyber-physical in their impact, faster incident response and forensics will drive employers to recruit security professionals who can operate outside of the traditional IT space.
"I’d also like to touch upon the recent hype cycle around Mythos, which has been impressive, especially regarding its autonomous hacking capabilities. However, when we look past the theoretical zero-days in clean, standardized IT environments, the reality of securing OT and the Internet of Things (IoT) is the real cause for concern and urgent action because of Mythos.
"OT/IoT represents a larger attack surface than IT systems, and Mythos renders it into the most easily hacked part of infrastructure because it can overcome issues like non-standard operating systems and differences in network topology. This directly accelerates existing trends like the shift of ransomware from data to OT systems, and the use of OT/IoT devices for initial infection and lateral movement."
Nathaniel Jones, VP and Field CISO at Darktrace
"As Operational Technology (OT) becomes more integrated with IT systems, it presents more opportunities for attackers. OT security is strongest when supported by robust IT security, requiring coordination between IT and OT teams to defend the entire network.
"By adopting good cyber hygiene, proactively securing your digital estate, and addressing any vulnerabilities before they can be exploited, organizations will be much better equipped to defend their networks against increasingly resourceful threat actors."
Vikesh Khanna, CTO & Co-Founder at Ambient.ai
"Legacy issues, such as air-gapped systems being compromised, weak authentication, and unpatched vulnerabilities, persist; however, we're seeing shifts toward more resilient architectures that incorporate physical security layers. For instance, unauthorized physical access to ICS assets—such as control panels or field devices—remains a major vector for breaches.
"With AI integration for real-time monitoring, anomaly detection, and proactive physical threat prevention, combined with stricter regulations, I expect meaningful improvements. Recent trends include AI-driven anomaly detection, micro-segmentation, and zero-trust architectures; however, a key innovation is agentic physical security for proactive threat prevention. Adaptive protections using ML for real-time encryption and threat response are game-changers, especially when layered with physical barriers and AI-verified access.
"Global geopolitical conflicts are fueling a surge in OT attacks, often exploiting physical vulnerabilities such as unsecured facilities or insider access. State-sponsored actors and hacktivists target critical infrastructure for disruption, as seen in DDoS campaigns, ransomware, and even physical sabotage attempts.
"This convergence of cyber warfare and geopolitics heightens risks, making robust agentic physical security essential to complement digital defenses and mitigate hybrid threats."



















