Forescout Technologies disclosed that 57 percent of organizations deploy more than three separate tools to monitor IT, OT (operational technology), and IoT (Internet of Things) environments, resulting in fragmented insights and elevated operational complexity. Vulnerability prioritization (49 percent) and risk mitigation (44 percent) are cited as the most resource-intensive processes, exacerbated by fragmented asset inventories, limited visibility, and legacy infrastructure.
In the ‘Global Industrial Cybersecurity Benchmark 2025,’ a global study conducted by Takepoint Research and sponsored by Forescout, nearly 60 percent of organizations admitted they have little to no confidence in detecting threats across their OT and IoT environments. Just 14 percent said they feel highly confident in their capabilities. Sixty-three percent of organizations take more than 30 days to remediate threats, with 37 percent needing over 90 days.
Furthermore, supply chain attacks and cybercriminal activity rank as the top external threats for 50 percent of respondents, ahead of concerns over nation-state actors (8 percent) and zero-day vulnerabilities (9 percent). Meanwhile, 64 percent say their OT cybersecurity maturity remains at a foundational level, marked by manual workflows, poor visibility, and patchwork controls. Just 17 percent report having advanced, integrated security programs.
The Forescout–Takepoint Research report found that 59 percent of respondents have low or no confidence in their OT and IoT threat detection capabilities, while only 14 percent expressed high confidence. This low confidence points to serious readiness gaps, likely caused by fragmented visibility, limited data sources, and a lack of necessary skills. As a result, operational environments are more vulnerable to undetected threats, which can delay incident response. The disparity in confidence levels also highlights a disconnect between the effectiveness of existing tools and how organizations perceive them, echoing earlier findings around tool sprawl, capability limitations, and workforce deficiencies.
The research also found that critical security tasks, such as vulnerability prioritization, risk mitigation, and incident response, demand significant time and attention, yet are hampered by limited staffing. Many organizations lack enough full-time OT security personnel to manage these workloads, leading to slower response times and increased dependence on manual processes. This imbalance highlights an urgent need for scalable solutions like automation and managed services to bridge the gap and maintain operational resilience.
“Low confidence in OT and IoT threat detection is a warning signal, not just a statistic,” Christina Hoefer, vice president of OT/IoT Vertical and Strategy at Forescout, said in a Wednesday media statement. “For industrial organizations managing complex, high-stakes environments, improving detection means visibility across all devices, monitoring OT networks, and strategically investing in security controls that respect operational needs to reduce risks and enable effective incident response.”
“Industrial leaders tell us that they’re under intense pressure to modernize operations while still relying on fragmented and outdated security technologies,” said Jonathon Gordon, directing analyst at Takepoint Research. “They recognize that incremental fixes aren’t enough — they need a unified security strategy that bridges IT and OT, backed by executive support and driven by automation.”
The Forescout–Takepoint Research report aims to equip organizations with clear benchmarks to assess their OT cybersecurity maturity and identify strategic areas for improvement. It highlights best practices, critical challenges, and inherent strengths across various sectors to support informed strategic decision-making.
The Global Industrial Cybersecurity Benchmark 2025 surveyed 236 OT and automation leaders to uncover their top challenges, maturity gaps, and strategic priorities amid escalating risks to industrial organizations. Accelerated digitalization has expanded device connectivity, exposing critical systems to greater cyber threats. Heightened geopolitical tensions add pressure, forcing organizations to adopt more strategic, integrated security approaches that protect assets without disrupting operations.
Offering targeted insights for senior management, board members, CISOs, and OT cybersecurity leaders, the Forescout–Takepoint Research report noted that organizations using fragmented visibility and detection tools face increased risk from blind spots, alert fatigue, and inconsistent insights. Consolidating these tools into unified platforms with cross-domain visibility improves threat detection and streamlines response.
With limited OT security staff, automation helps close resource gaps and speed up remediation. While full automation isn’t always feasible—automatically patching a PLC, for instance, could interrupt critical operations—selective automation for tasks like vulnerability prioritization can reduce mean time to remediation without compromising stability.
The Forescout–Takepoint Research report found that 63 percent of respondents need 30 days or more to remediate threats, while 37 percent take over 90 days. Only 3 percent manage to resolve threats within a week. These extended remediation timelines greatly increase risk exposure, giving adversaries more time to maintain persistence and escalate attacks.
The delays are worsened by poor tracking of remediation metrics and coordination challenges, with 25 percent of respondents unsure about their exact timelines. Industrial-specific constraints, including scheduled maintenance windows and strict validation requirements, also contribute to the slowdown. To reduce mean time to remediation, organizations need better prioritization, increased automation, and more efficient workflows.
Supply chain vulnerabilities and cybercriminal groups, including ransomware actors, were tied as the top external threats, each cited by 25 percent of respondents. A lack of third-party visibility followed at 22 percent, while concerns about nation-state actors and zero-day vulnerabilities ranked much lower, at 8 and 9 percent, respectively, suggesting that organizations are primarily focused on immediate, operationally disruptive threats rather than stealthier, long-term strategic risks. The lower concern for nation-state attacks and zero-days may reflect limited detection capabilities or a perception that these threats are less likely to impact their environments.
The report mentioned that gaps in patching and vulnerability management, along with legacy systems, were identified by 52 percent of respondents as top internal concerns. Network visibility and segmentation, as well as shadow IT, were cited by 50 percent. Third-party connections and unmanaged devices also ranked high, each noted by 48 percent of respondents.
These findings underscore that many OT environments still struggle with basic security hygiene. Legacy assets significantly increase risk due to outdated software, unpatched vulnerabilities, and limited vendor support. Weak network segmentation and inadequate policy enforcement allow unauthorized devices to operate undetected. Meanwhile, third-party and unmanaged devices continue to expand the attack surface embedded in routine industrial operations.
The Forescout–Takepoint Research report detailed that real-time visibility into devices and risks was cited by 44 percent of respondents as their strongest cybersecurity capability. Communication of security posture to stakeholders ranked second at 22 percent. Meanwhile, automation was cited by just 11 percent, and the use of threat intelligence ranked lowest at only 5 percent, revealing notable gaps in advanced capabilities.
The findings suggest that visibility has become a foundational strength, pointing to improved situational awareness across industrial environments. However, in today’s threat landscape, visibility alone is no longer a differentiator; it is merely a baseline requirement.
The growing emphasis on communicating security posture to stakeholders reflects stronger alignment between security teams and business leadership. In contrast, low adoption of automation and threat intelligence highlights continued struggles with proactive and strategic cybersecurity operations, likely due in part to limited access to specialized OT and IoT threat intelligence.
The report also revealed that 45 percent of respondents believe that improved metrics and key performance indicators would significantly enhance risk management efforts. This was followed by 24 percent who cited unified visibility, often referred to as a single pane of glass, as a priority. Additional data sources and automation were seen as less impactful, ranked at 16 percent and 15 percent, respectively.
The emphasis on better metrics signals a broader shift in the industry toward more meaningful, business-aligned approaches to risk measurement. Continued interest in unified visibility reflects ongoing challenges with fragmented data and siloed insights. The relatively low value placed on additional data sources suggests that many organizations believe they already have enough data, though this perception conflicts with earlier concerns about limited data volume. This disconnect points to a deeper issue: organizations may not lack data, but rather struggle to contextualize and apply it effectively.
The Forescout–Takepoint Research report also noted that low confidence in threat detection often stems from poor telemetry coverage. Expanding data inputs across IT, OT, and IoT systems and unifying analytics strengthens both detection accuracy and response effectiveness. Remediation timelines that stretch beyond 90 days pose serious operational and reputational risks. This issue demands executive-level attention and coordination between cybersecurity, engineering, and operations teams to enforce timely and efficient response protocols.
Legacy systems, unmanaged devices, and shadow IT continue to expose organizations to risk. A phased modernization approach that emphasizes network segmentation and comprehensive asset discovery helps reduce the attack surface and improve security posture. The sector’s overall OT security maturity remains low. To raise the bar, organizations must align cybersecurity efforts with business goals using formal governance models, measurable KPIs, and structured roadmaps that support strategic investment and continuous improvement.
To address evolving threats and operational complexities, the Forescout–Takepoint Research report found that organizations must move decisively toward unifying security strategies across IT and OT domains. They should invest strategically in automation, visibility solutions, and integrated analytics to close capability gaps and ensure security efforts are aligned with business objectives. Continuous benchmarking of maturity progress is essential, using insights and recommendations from this report as a foundation for ongoing improvement and long-term resilience.