Over the last several years, operational technology (OT) security has shifted from a specialized concern to a board-level business priority. Industrial organizations now rely on interconnected systems, remote access, cloud-based analytics, and unified IT and OT environments to maintain production. While this advanced connectivity offers increased efficiency and resilience, it has also enlarged the attack surface for cybercriminals, ransomware groups, and nation-state actors.
The 2026 Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are becoming more diligent in addressing these risks. Based on a worldwide survey of over 700 OT professionals, the report highlights a market that is increasingly realistic about OT cybersecurity maturity, more alert to intrusions, and more dedicated to meeting upcoming regulatory requirements.
The good news is that many organizations are making progress. The challenge, however, is that maturity levels vary, with many OT environments still facing major issues with visibility, segmentation, secure remote access, incident response, and standardized security architecture.
OT Security Responsibility Remains a C-Suite Issue
One of the clearest signs of OT security maturity over the past several years has been the elevation of OT cybersecurity responsibility to senior leadership. Sixty percent of respondents reported that the CISO has ultimate responsibility for OT cybersecurity. That is down from 69% in 2025, but the shift does not necessarily indicate a decline in executive attention.
What the report suggests is that some organizations have matured sufficiently to transfer OT risk ownership to other senior leaders, following C-suite involvement in formalizing strategy, funding, and governance. Where already not elevated, 81% of respondents plan to assign OT cybersecurity to the CISO within the next year, an increase from 80% in 2025.
The takeaway is clear: OT risk is no longer the sole responsibility of plant operations or engineering teams. Instead, it now demands coordinated management involving security, operations, risk management, compliance, and executive leadership.
Maturity Ratings Are Becoming More Realistic
The 2026 report reveals a significant shift in how organizations assess their OT cybersecurity maturity. In previous years, respondents frequently rated their programs more highly. However, as IT and OT teams have acquired additional funding, implemented more tools, and enhanced visibility, many organizations now better understand where their defenses still need improvement.
This change is reflected in the data. Respondents at Level 0, indicating disorganized or undocumented cybersecurity processes, increased from 1% in 2025 to 5% in 2026. Level 1 grew from 5% to 17%, while Level 2 went up from 13% to 27%. Conversely, Level 4, which signifies the most advanced cybersecurity programs, saw a significant drop from 49% to 17%.
Initially, this might appear to be regression, but it is better understood as a correction. As teams gain more experience, access better tools, and foster more diverse collaboration between IT and OT security, previously hidden gaps become evident. For many organizations, maturity starts with a more honest evaluation of risk.
The same pattern appears in the maturity of OT security solutions. Level 4 declined from 19% to 14%, while Levels 0 and 1 increased. This highlights a common challenge: many organizations are still establishing the fundamentals of OT security, such as asset visibility, network segmentation, secure remote access, monitoring, and response.
Intrusions Are Being Detected More Often
The report also highlights a major shift in intrusion reporting. The share of respondents reporting multiple intrusions rose, with 71% reporting between one and nine intrusions, up from 47% the previous year. Meanwhile, the share of organizations reporting more than 10 intrusions remained constant at 2%.
This does not necessarily imply that all organizations are experiencing more frequent attacks. Instead, likely indicates that more organizations are now more aware of what is occurring within their environments. In OT security, the phrase "no detected intrusions" can be misleading when visibility is limited. Improved detection capabilities often initially result in higher reported incident numbers, even as they ultimately reduce risk.
The report also shows encouraging signs. Only 24% of respondents said both IT and OT systems experienced intrusions, a sharp decrease from 60% in 2025, and the lowest since 2022. This likely indicates better segmentation between IT and OT environments, which is helping limit the spread of attacks.
Still, the threat landscape remains serious. Phishing is still the most reported intrusion at 76%, and ransomware remains a major concern at 50%. Although ransomware dropped slightly from 54% in 2025, its potential impact on production, safety, revenue, and critical infrastructure keeps it a central focus in OT risk planning.
Dwell Time Remains a Warning Sign
Attacker dwell time is crucial in cybersecurity since it indicates how long an intruder remains undetected. The extended presence of attackers inside a system increases their ability to conduct surveillance, exfiltrate intellectual property, plan ransomware assaults, disrupt operations, or prepare for future actions.
The 2026 report indicates that while some shorter dwell-time categories have stabilized, longer dwell times spanning weeks or months have increased. This is particularly concerning for OT environments. Industrial systems often include legacy devices, specialized protocols, and uptime requirements, which can complicate rapid responses compared with typical IT environments.
Reducing dwell time calls for more than simple monitoring. Organisations must have OT-aware visibility, threat intelligence, network segmentation, secure remote access, and incident response plans that consider operational impact, safety, and continuity of production and critical infrastructure.
Regulatory Pressure Is Accelerating
OT leaders anticipate a more demanding regulatory environment. Eighty-nine percent of respondents expect increased regulation within five years or less, a significant rise from 66% in 2025. The report also highlights a 20-point increase in respondents expecting new regulations within two to five years, rather than beyond five years.
This is important because OT cybersecurity is increasingly tied to critical infrastructure, incident reporting, data security, public safety, and business continuity. Regulatory requirements are no longer future considerations. They are immediate operational realities.
Organisations that delay action until final mandates are issued risk falling behind. Those that start now can leverage compliance efforts to enhance network resilience, improve reporting, lower risk, and modernize security operations.
Visibility Is Improving, but Gaps Remain
Visibility remains a cornerstone of OT security. Without a clear understanding of assets, communication flows, users, applications, and dependencies, organizations cannot effectively segment networks, identify abnormal activity, or establish response priorities.
The 2026 report indicates progress, with the percentage of respondents having full visibility into OT systems increasing from 5% in 2025 to 14% in 2026. This represents a significant improvement.
But the report also reveals that many organizations still lack complete visibility. Approximately 23% of respondents only have visibility into about half of their OT environment. This means that many security teams are defending environments without complete insight.
Modernization Is Changing the OT Landscape
The report shows that organizations are updating their industrial control systems. Forty percent of respondents reported that their ICS systems are less than five years old, up from 20% in 2025. This reflects a trend of modernization aimed at enhancing reliability, performance, and security.
While modernization can help reduce risk, it requires careful management. New systems often increase connectivity, data transfers, remote access, and integration with IT and cloud platforms. As a result, security should be integrated into modernization strategies from the start, rather than added later.
For organizations still running legacy systems, the report underscores the need for strict patching discipline, compensating controls, continuous monitoring, and segmentation.
Cost Pressure Is Shaping Security Decisions
Finally, the report highlights a change in how organizations assess cybersecurity success. By 2026, cost reduction and avoidance had become the primary metrics tracked and reported. Productivity gains also remain a key focus.
This is understandable. OT leaders face pressure to justify security investments. But cost savings should not compromise resilience. In OT settings, insufficient investment can lead to downtime, safety hazards, compliance issues, revenue loss, and physical disruptions.
The strongest business case for OT security isn't just lowering cyber risk. It's ensuring operational continuity.
Five Practises to Help Organisations Mature Faster
The report closes with practical recommendations for improving OT cybersecurity. These include:
- Segment and microsegment IT and OT networks to minimize lateral movement and limit the impact of attacks
- Use secure remote access to support vendors and third parties without relying on broad, persistent access methods
- Integrate OT into security operations and incident response planning so teams can respond to cyber incidents without neglecting production and safety realities
- Invest in OT-specific threat intelligence that encompasses industrial protocols, sector-specific threats, and OT asset behaviors
- Consider a platform approach to simplify operations, enhance visibility, centralize control, and facilitate quicker, more coordinated responses
These practices all point to the same overarching principle: OT cybersecurity can't be solved with standalone tools or isolated teams. Instead, it demands a unified approach that brings together people, processes, and technology across both IT and OT environments.
Conclusion
The 2026 State of Operational Technology and Cybersecurity Report highlights a market in transition. As OT security matures, the threat landscape is also becoming more complex. Issues such as ransomware, phishing, extended dwell times, limited visibility, and fragmented security architectures continue to pose significant challenges. Fortunately, organizations are rapidly improving visibility, reassessing their maturity more honestly, preparing for regulation, and investing in more advanced security capabilities.
Get your copy of the full report to explore the survey results, evaluate your organization's OT security maturity, and discover practices that can help mitigate risks across today's increasingly interconnected industrial environments.