Top 5 OT Cybersecurity Predictions for 2025

By Richard Springer, Senior Director, Marketing, OT Solutions, Fortinet

Making predictions is often more art than science. But as I look at what’s happening with operational technology (OT) security, I see a few trends that OT leaders should keep an eye on in 2025. Many of these predictions continue themes that we saw over the past year, particularly in terms of risk. For OT, new threats are always appearing as cybercriminals continue to pivot toward unsecure and high-value targets.

1. Rise in OT Risks

In 2025, geopolitical events will continue to drive targeted attacks on cyber-physical systems and critical infrastructure.

Last year, we saw attacks on satellite networks and manufacturing companies in the United States and Europe. Some were linked to events in the Middle East where attackers went after programmable logic controllers (PLCs) that happened to be produced in Israel, and took down some small water districts.

Even though these events produced minor disturbances, they gave attackers more confidence, because they represented small, easy-to-execute, yet disruptive attacks. These types of attacks also serve to intimidate targets so they worry that their water system might not be safe.

I expect these psychological operations tactics to continue increasing, acting as a chilling reminder that attackers could take larger, more severe actions against infrastructure in the future.

Unfortunately, the manufacturing sector is full of high-value targets, and so far, it’s largely unregulated in terms of mandates for some cybersecurity controls. The sector is a major target for ransomware because attackers go after targets that are likely to pay. Historically, manufacturing companies have been quick to pay ransoms so they can get their operations back online.

On the positive side, OT security solutions are currently staying ahead of the AI-based attacks increasingly being used by cybercriminals. And the increased recognition of the risks to OT systems has led to budget increases, more focus from industry groups, and more regulations and assistance from governments.

Some sectors may see more enforcement of baseline protection and practices going forward. Unfortunately, those sectors that are seeing more cyberattacks are also likely to see their cybersecurity insurance premiums increase and their coverage shrink.

2. Changes in Patching Approaches

The second trend I’m seeing relates to the patching of OT systems. In addition to PLCs, patching needs to include the networking solutions located in the OT environment, physical security systems, such as cameras and vision systems, and the various other sensors and controllers used in production.

Most OT organizations have outdated legacy devices for which no updates or patches exist, yet the business must maintain production 24/7. In many cases, it simply isn’t feasible to take a system offline for weeks or months to update or maintain it.

Some industries are now also facing regulations requiring patching certain issues or implementing a specific patching strategy. Patching older systems can also lead to compatibility and interoperability issues that can be difficult or impossible to troubleshoot and fix.

In 2025, I predict some OT organizations will take a more holistic approach to patching. Instead of attempting to patch a device that will never have updated firmware or trying to find the budget to rip and replace the equipment, organizations will take a holistic attack surface management approach. This strategy involves segmentation and microsegmentation, OT application inspection, and virtual patching. With this approach, ideally, no action is needed when a new OT device vulnerability is discovered.

3. Increase in OT Cloud Adoption

In 2025, we’ll see more cloud-enabled devices within the OT-secured perimeter and more IT cloud and OT dependencies as more companies move from isolated OT systems to integrated environments with industrial IT, cloud and wireless systems.

According to the 2024 SANS ICS/OT Cybersecurity Survey, 26% of organizations now use cloud tech for industrial control systems and OT applications, representing a 15% increase in only one year. Many organizations need simple, scalable, cost-effective, secure remote access for third-party maintenance or secure access to performance monitoring or SaaS cloud-based solutions to enable collaboration across distributed teams.

Across most industries, secure access to cloud-hosted industrial applications is vital. So, extending security beyond the traditional OT perimeter is essential for resilience in modern OT environments. They should be brought together with an OT-converged cybersecurity platform to secure people, processes and technology.

The first step is to secure the OT perimeter with segmentation and create zones and conduits using a firewall that understands industrial protocols. Supporting remote connectivity can then be added using SD-WAN and SASE and by implementing role-based access control with multifactor authentication to ensure only authorized users can access certain systems.

4. More 5G in OT

In 2025, I expect to see the continuing adoption of 5G in OT. On the IT side, the use of cellular technologies has been around for more than a decade, but several factors continue to drive 5G adoption in OT. Reliable connectivity is critical, and there’s a need for broadband in remote areas where cable or fiber simply isn’t available.

Certain OT functions, such as business continuity, require low-latency connectivity, which is a limitation of satellite connectivity. I foresee private 5G increasingly being used as an industrial LAN technology for factory robotics that require low latency, such as automated guided vehicles (AGVs), autonomous mobile robots (AMRs), and other Industrial Internet of Things (IIoT) devices.