Industrial organisations continue to push the boundaries of technological innovation, increasingly integrating operational technology (OT) with information technology (IT) to drive competitive advantage. The convergence of OT and IT has accelerated, creating more sophisticated, interconnected ecosystems that leverage advanced technologies such as:
- Sophisticated supervisory control and data acquisition (SCADA) systems that offer unprecedented visibility and control
- Advanced Industrial Internet of Things (IIoT) networks with intelligent, context-aware sensors
- Integrated industrial control systems (ICS) that enable real-time data analytics and predictive maintenance
As industrial systems become more connected and intelligent, the attack surface for cyber threats has dramatically expanded. The increasing connectivity of OT environments to external networks has exposed critical infrastructure to more sophisticated and targeted cyber risks. This digital transformation brings both unprecedented opportunities and significant security challenges.
This article will explore the most important trends and expectations for OT security in 2025.
Understanding OT security
Before exploring the critical OT security trends for 2025, it's essential to establish a clear definition of what OT security encompasses. OT security represents a comprehensive framework of hardware and software technologies strategically designed to monitor, detect, and control changes across devices, processes, and industrial events.
The primary purpose of OT security is to protect industrial systems and networks from sophisticated cyberattacks. It serves as a critical defense mechanism for safeguarding essential critical infrastructures, including:
- Power generation and distribution stations
- Complex transportation networks
- Municipal water distribution systems
- Advanced smart city infrastructure and appliances
Do you want to read in more detail what OT security is? Continue reading our resource on this topic.
The most important OT security trends for 2025
Now that we know what OT security is and why it is of the utmost importance in modern industrial, production and manufacturing environments, let us delve a little deeper into the seven major OT security trends for 2025.
1. Increasingly digitised operational environments
Operational environments (SCADA is a good example) are becoming increasingly digitised and more inclusive of IoT technologies. In the past, a malware infection would usually only impact a company’s administrative network. The interconnected and digital transformation of networks and operational environments now makes them all open to risk. This trend can negatively impact a company’s downtime and has the serious potential to compromise employees' physical safety in the workplace.
Adding to this complexity, many IoT technologies are now connected to the outside world via the cloud, whether through public cloud providers like AWS or Azure or private cloud environments. Workloads are increasingly being processed in the cloud, extending the attack surface and introducing additional vectors for potential threats. While the cloud enables greater efficiency and scalability, it also requires robust security measures to protect sensitive operational data and ensure the reliability of interconnected systems.
Tech observers notice a shift amongst threat actors away from financial services to the manufacturing industry, where vulnerabilities in these digitised and cloud-connected environments can be exploited.
2. From business interruptions to physical harm
Causing business interruptions used to be the main goal of malware and cyberattacks. However, the spillover from malware and cybercrime from IT into the domain of OT has broadened and shifted the scope of cyberattacks. Nowadays, attackers regularly focus on causing physical harm to companies or even nation-states by targeting companies or facilities that deliver essential services and utilities (raw materials, energy and water, infrastructure, finance).
Cyberattackers are already using operational technology environments as weapons, and they can be successful enough to cause human casualties. We've seen this in the Russia-Ukraine war and in the Israel-Gaza conflict. This exacerbates the geopolitical threats OT systems face.
Following the start of the Russia-Ukraine war and the Israel-Gaza conflict, there has been a significant rise in hacktivism (politically or ideologically motivated hacking and cybercrime). Researchers from Cloudflare saw signs of cyberattacks in the form of DDoS attacks impacting both Israel and Palestine. Following the escalation of hostilities on October 7, 2023, internet connectivity issues were observed in the Gaza Strip, with two autonomous systems going down shortly after the events unfolded. This was followed by similar disruptions affecting two more networks on October 9, 2023. In tandem with these outages, a surge in cyberattacks was noted, one of the most significant being a distributed denial-of-service (DDoS) onslaught that bombarded Israeli servers with over 1.26 billion HTTP requests.
This year, we can expect military groups worldwide to increasingly rely on expert hackers to attack other nations’ critical infrastructure and private business operations.
3. Proactive OT security with NIS2
If your organisation falls under the 'essential companies' category of the NIS2 Directive, then you need to step up your cybersecurity game. NIS2 will notably affect OT environments by imposing more stringent cybersecurity requirements and expanding the range of affected sectors, thereby increasing the number of organisations that must comply. You'll need to adopt stronger security practices, ensure incident reporting, manage supply chain risks, and improve resilience against cyberattacks.
This regulatory push aims to elevate the baseline security posture of OT environments across the EU, recognising their critical role in the overall safety and reliability of essential services. Consequently, organisations may have to invest in advanced cybersecurity technologies, enhance staff training, and develop comprehensive risk management strategies to align with NIS2 standards. Get your advice on actions that your organisation can take.
4. The expansion of IoT and more DDoS bot attacks
By 2030, there will be approximately 29 billion IoT connections worldwide. Many companies already have different kinds of IoT technologies connected to their network, including passive RFID, real-time location tracking, GPS tracking, security sensors, grid sensors, and condition sensors. These devices use a wide range of communications protocols, including Wi-Fi, cellular systems (CDMA/GPRS/4G), mesh networks, telematics, and near-field communications (NFC). This rapid accumulation of IoT devices in OT environments increases the threat of large-scale DDoS botnet attacks, since many IoT devices lack built-in security measures.
5. Governments and companies get fully committed to reducing OT security risks
Operational technology has long been one of the most targeted and lowest-prioritised technology areas. OT is low-hanging fruit for attacks and is so ingrained in the critical infrastructure systems that organisations are struggling to keep up with the pace of change in cybersecurity. In light of growing OT security threats, governments and companies are expected to crank up their OT security in 2025.
More and more companies are recognising the importance of building a dedicated culture of IT and OT security. A growing number will look to invest in extensively training their end users to better detect OT and IT security threats. Organisations will also increasingly look to reassess their training programs. This strategy allows users to get familiar with the bribery and extortion tactics associated with the latest social engineering schemes. The US government and the European Union are also busy bolstering IT and OT security through new regulations and the promotion of custom-made detection, scanning and security tools.
6. Outsourcing OT security
As cybersecurity threats to OT environments become increasingly complex and frequent, organisations face growing challenges in securing their systems. With a significant talent shortage in IT and cybersecurity, many companies are turning to alternatives such as outsourcing the management of critical cybersecurity functions, including OT security. This approach can help mitigate risks by leveraging external expertise to address vulnerabilities more effectively.
7. Collateral damage and supply chain risks
The trends mentioned above are mainly direct threats, but organisations can also become victims as a result of collateral damage. The consequences of cyberattacks on OT systems are often unintended and the methods are often imprecise, which leaves a big risk of collateral damage: when a cyberattack takes place at one company, it may affect others in the process. You might think that your information is unimportant or unattractive to cybercriminals, but this is often not the case. Don't underestimate the desirability of your data!
There are several risks to OT systems that are associated with the supply chain. A supply chain incident happens when the components that make up the OT system are compromised. A well-known example of a supply chain attack is the SolarWinds attack. Attackers compromised the servers of a software company that sells network management tools, so that the company's own updates delivered malicious software to its customers' computer systems, which in turn infiltrated those customers' systems.
What can you do to keep operational technology secure?
Now that we have explored the most important OT security trends and threats, it’s time to look at the options that you have when it comes to properly securing your OT environment.
Adopt a zero-trust framework and approach
Zero-trust network access provides controlled identity access and context-aware access to resources, reducing the surface area for attack by hiding applications and resources from public view. It allows you to prevent unauthorised access within application environments irrespective of where they are hosted.
Segmentation
Segmentation and micro-segmentation (dividing your network or IT environment into separate logical and physical components) allow you to isolate critical infrastructure components from production networks, IoT devices and user environments.
Asset vulnerability management
Make serious work of asset vulnerability management that goes further than simple vulnerability scanning. Such an approach should include:
- A real-time and continual assessment of vulnerabilities across the entire organisation. This provides you with detailed information on the evolution of OT security threats.
- Proper risk identification for all known vulnerabilities. Focus on the business criticality of specific OT components and the corresponding threats to prioritise the most pressing OT security risks.
- Continual program management of the life cycles of devices and their vulnerabilities.
- Continuous logging, with all network traffic analysed by a security information and event management (SIEM) solution. A SIEM aggregates and analyses activity from many different sources across your entire IT infrastructure, allowing you to detect threats and take the appropriate actions to successfully mitigate them.
Authentication, identity and access
Implement multi-factor authentication, including biometrics (fingerprint, voice, facial recognition, and more) and privileged identity management (PIM) for administrators. Restrict access to ‘legacy management ports’ and implement logging of use.
Identity and access management (IAM) is also important for OT environments, but not in the same way as we see in IT. Traditional IT security solutions don't quite fit OT environments because they don't understand them. They speak a different language. You first need to understand what your OT environment consists of and how it communicates. In OT environments it is important to create a baseline identifying who should have access to what. And it is important to know how access was given in the past and to whom. Then look for opportunities for standardisation in the current OT IAM processes.
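As an added example (not code from the original article or from Nomios), here is one way to turn the two points above, logging of legacy management port use and a baseline of who may reach what, into a simple check: a script that reads allow-decisions from firewall logs and flags any legacy management port access that the access baseline does not permit. The port list, host names, baseline and log lines are all constructed for illustration.

```python
import re
from collections import namedtuple

# Legacy management ports that, per the baseline, only named engineering hosts
# may reach. Port-to-service mapping is an assumption for this example.
LEGACY_MGMT_PORTS = {23: "telnet", 21: "ftp", 161: "snmp", 80: "http-admin"}

# Constructed access baseline: (source identity, OT asset) -> permitted ports.
# In a real estate this comes from the access inventory built as described above.
BASELINE = {
    ("eng-ws-01", "plc-line1"): {23, 161},
    ("eng-ws-01", "hmi-line1"): {23},
    ("backup-srv", "historian"): {21},
}

# Constructed firewall log lines (not real captures).
LOGS = """\
2025-01-14T08:01:12Z allow src=eng-ws-01 dst=plc-line1 dport=161 proto=udp
2025-01-14T08:02:40Z allow src=eng-ws-01 dst=hmi-line1 dport=23 proto=tcp
2025-01-14T08:05:03Z allow src=office-pc-17 dst=plc-line1 dport=23 proto=tcp
2025-01-14T08:06:19Z allow src=backup-srv dst=historian dport=21 proto=tcp
2025-01-14T08:07:55Z allow src=backup-srv dst=plc-line1 dport=80 proto=tcp
2025-01-14T08:08:10Z allow src=office-pc-17 dst=web-proxy dport=443 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) allow src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

Finding = namedtuple("Finding", "ts src dst port service")


def legacy_port_violations(log_text, baseline=BASELINE):
    """Return allowed connections to legacy management ports not covered by the baseline."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an allow-decision in the expected format
        port = int(m["dport"])
        if port not in LEGACY_MGMT_PORTS:
            continue  # ordinary traffic; out of scope for this check
        permitted = baseline.get((m["src"], m["dst"]), set())
        if port not in permitted:
            findings.append(Finding(m["ts"], m["src"], m["dst"], port, LEGACY_MGMT_PORTS[port]))
    return findings


if __name__ == "__main__":
    for f in legacy_port_violations(LOGS):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.port} ({f.service}) not in access baseline")
```

Each finding is a candidate for either a firewall rule change or a baseline update, which is the standardisation step mentioned above.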
Another solution for OT systems is Public Key Infrastructure (PKI). It provides a robust framework for secure device authentication, enabling encrypted communication and maintaining data integrity within industrial and critical infrastructure environments. PKI plays a key role in ensuring that only authorised devices gain access to industrial control systems, which is vital in thwarting unauthorised access, safeguarding against data breaches, and averting possible operational disruptions. When integrated into the security strategies of OT systems, PKI helps organisations build a strong and reliable defence mechanism to protect vital processes and infrastructure from a spectrum of cyber threats and vulnerabilities.
How Nomios helps
Developments in security and network technology are moving fast. The integration of IT and OT makes safeguarding your OT environment more important, complex and difficult than ever, especially in a time that suffers from a serious shortage of specialised IT personnel.
Nomios possesses the expertise and experience needed to keep your OT environment safe. We help companies design, secure and manage their digital infrastructure, allowing them to grow their business and drive innovation. Would you like to know more about our services and solutions? Then don’t hesitate to get in touch.
