As the digital transformation shapes the industrial cybersecurity sector, organizations must increasingly be prepared to adopt cyber risk quantification models to align cybersecurity investments with operational excellence. Titled ‘State of the Industrial Cybersecurity Market in 2025,’ the guide highlights market drivers and trends for 2025 and the outlook. It details the need to adopt best practices, foster cross-functional collaboration, and learn from past experiences to enable these organizations to build secure, resilient systems capable of meeting today’s threats and tomorrow’s uncertainties. Moreover, organizations face rising insurance costs while dealing with sophisticated cyber threats, further demanding a delicate balance between cyber resilience and financial efficiency.

Adopting AI (artificial intelligence) is a highly promising strategic approach. Industrial organizations increasingly utilize AI to effectively address security gaps in ICS (industrial control systems) and OT (operational technology). AI’s rapid anomaly detection and response capabilities render it an essential tool for advanced cyber threat protection. AI adoption to secure ICS and OT systems is not merely a trend; it represents a critical evolutionary step in maintaining cybersecurity superiority against cyber adversaries.

The merging of IT and OT systems creates new industrial cyber threat frontiers. With ransomware attacks and supply chain vulnerabilities on the rise, organizations must focus on bolstering their cybersecurity posture by adopting preemptive measures, which highlights the necessity of all-encompassing cybersecurity approaches that blend IT and OT perspectives.

The adoption of ‘Secure by Design’ principles has become more prevalent in efforts to build durable industrial systems. Safety becomes an integral part of industrial operations when systems are designed from scratch with security considerations. The approach serves dual purposes by reducing potential dangers while simultaneously building trust and reliability across sectors.

The necessity of preparing the workforce to tackle these challenges remains essential. Developing a strong OT cybersecurity workforce demands complex recruitment and retention approaches. Implementing ongoing educational programs alongside competitive rewards serves as a means to develop talent while simultaneously closing the skills gap and strengthening industrial cybersecurity protections.

Clearly, the industrial cybersecurity market in 2025 stands as both a threat battlefield and an innovation canvas where navigating converged IT/OT complexities demands strategic foresight and technological integration.

The guide is available for download now. Join our upcoming webinar for insights and direct discussions with top vendors featured in the guide to gain deeper insights into key issues affecting cybersecurity posture. 

Strategies for balancing cyber resilience amid rising threats, insurance costs

Industrial Cyber reached out to industrial cybersecurity executives to understand how these organizations are reshaping their approach to cyber resilience to maintain business continuity in the face of escalating cyber threats. Additionally, they explored strategies for balancing proactive cybersecurity investments with the growing expenses of cyber insurance.

Jonathon Gordon, directing analyst at Takepoint Research

Jonathon Gordon, directing analyst at Takepoint Research, determined that industrial organizations are shifting toward a holistic model of cyber resilience, emphasizing proactive identification and mitigation of threats, robust incident response capabilities, and rapid recovery strategies integrated directly into core business operations. 

“Rather than relying solely on traditional perimeter defenses, industrial organizations are shifting their focus toward real-time risk analytics, comprehensive asset visibility, and adaptive cybersecurity frameworks,” Gordon told Industrial Cyber. “As cyber insurance costs rise—and in some cases, coverage becomes more restrictive—organizations are turning to advanced cyber risk quantification tools. These tools provide concrete metrics that demonstrate the direct impact of cybersecurity investments on operational continuity and risk reduction. By leveraging these insights, organizations can potentially secure more favorable insurance terms while optimizing cybersecurity spending.”

Jay Williams, CEO of Industrial Defender

Jay Williams, CEO of Industrial Defender, said that cyber resilience has elevated cyber security into executive-level risk management programs. “This makes cyber risk not just the responsibility of the CISO/security team but a board-level concern with shared ownership and accountability for its impact on business continuity. Industrial organizations have always had to make calculated decisions about how they manage each risk against safety and uptime requirements and what they can insure. This all comes down to your understanding of the risk.”

Williams told Industrial Cyber that this is a challenge for organizations that don’t have a good understanding of their OT environment. “Without understanding what assets are integral to operation resilience, you can’t determine the risk implications.”

Debbie Lay, principal sales engineer at TXOne Networks

“Organizations are acting to ensure business continuity, even if that action today is only putting it on the radar,” Debbie Lay, principal sales engineer at TXOne Networks, told Industrial Cyber. “Some are focused on where to start. Others are discovering the challenges of implementing traditional security solutions that do not ensure continuity. OT and IT have made strides in working together, and OT now has specific guidance and regulations for protecting critical assets. Both are positive things, given the rise in cyberattacks.” 

Lay added that the ease of leveraging existing IT cybersecurity investments in OT might be appealing. “Drawing on existing knowledge and playbooks can make it look like ‘We got this,’ but it often creates more challenges than it solves. Cybersecurity professionals should take the extra time to identify OT-specific, proactive alternatives prior to wedging IT security solutions into OT environments.”

Bill Moore, chief executive officer and founder at Xona Systems

Bill Moore, chief executive officer and founder at Xona Systems, identified that cyber resilience is now inseparable from operational continuity. 

“Industrial organizations are moving beyond reactive defenses, adopting proactive, access-focused controls that mitigate attack surfaces without disrupting uptime,” Moore told Industrial Cyber. “Investments are increasingly aimed at securing access at the asset and application level instead of the network level—especially for remote users and third parties—without introducing complexity.” 

He added that by adopting purpose-built, zero-trust principles, critical infrastructure organizations can ensure identity-based, least-privilege access and not only reduce breach risk but also demonstrate compliance with frameworks like NERC-CIP and IEC 62443, helping control cyber insurance premiums through reduced exposure.

Adopting AI to secure vulnerabilities, benefits in ICS, OT industrial systems

The executives assess how AI is revolutionizing threat detection and response in ICS and OT environments, and they explore the strategies being implemented to ensure these AI-driven tools do not create new vulnerabilities.

“AI has the potential to significantly enhance threat detection and response in ICS/OT environments by enabling real-time anomaly detection, predictive analytics, and automated incident management—dramatically reducing response times to cyber incidents,” Gordon said. “AI-driven platforms offer critical operational insights and improve the detection of subtle threat patterns that traditional security systems might miss.”

However, he added that to mitigate AI’s inherent risks, industrial organizations must implement rigorous governance frameworks. “These should include continuous model validation, strict data integrity protocols, and comprehensive transparency measures. Additionally, maintaining strong human oversight in AI-driven processes is essential to minimizing risks associated with automation and false positives, ensuring a balanced and effective cybersecurity strategy.”

“Adversaries increasingly use AI in their attacks, so defenders need to leverage AI to keep up with growing scale and complexity,” according to Williams. “In detection and response, humans still need to take action in ICS/OT environments. AI can greatly assist detection, analysis, and prioritization, but automating the response actions introduces the risk of operational disruption.” 

Williams pointed out that the use of AI should be governed by company policies and security assessment procedures. “And when a product says, AI, what does that entail? One of the most practical applications is the use of LLM capabilities for accelerating the analysis of data, such as for analyzing network anomalies or automating the prioritization of vulnerabilities. Again, it’s the human who needs to make the final call on action especially as there will be false positives, but risk prioritization can be greatly accelerated.”

Lay said that, among the many possibilities, “we embrace AI in OT security to integrate environment-specific operational context into intelligence frameworks. This approach enhances the ability to uncover unknown risks and counter the growing wave of targeted attacks. By leveraging operational context, AI-assisted security actions can dramatically reduce false alarms—one of the key reasons that traditional IT security solutions often fall short in OT.”

“AI is beginning to shift the landscape from reactive incident response to predictive resilience in industrial environments. By analyzing behavioral baselines and real-time telemetry, AI can uncover threats that static rules miss—especially in complex OT systems where traditional tools falter,” Moore said. “But in OT, ‘more intelligence’ cannot come at the cost of introducing new risk. To avoid introducing vulnerabilities, organizations are typically validating AI models by introducing automation with a ‘human in the loop’ model.” 

He added that the real challenge lies in governing AI’s use responsibly: demanding explainability, validating models against real-world OT conditions, and ensuring every AI-enhanced action is observable, reversible, and aligned with safety. “Success will come not from more AI—but from applying AI within the boundaries of operational integrity and human trust.”

New frontiers of industrial cyber threats in a converged IT/OT world

The executives address how the convergence of IT and OT environments has expanded the industrial attack surface and the emerging threats, such as ransomware and supply chain attacks, that are most concerning for industrial cybersecurity in 2025.

“The convergence of IT and OT has notably expanded industrial organizations’ attack surfaces by introducing traditionally isolated OT systems to internet-exposed networks, third-party integrations, and cloud-based platforms,” Gordon said. “This interconnectivity significantly increases vulnerabilities and potential entry points for attackers.” 

He assessed that among the most concerning threats anticipated in 2025 are sophisticated ransomware attacks targeting operational disruptions and increasingly complex supply chain exploits, where adversaries infiltrate through trusted third-party vendors and software providers. “Moreover, state-sponsored cyber-physical threats present profound risks to critical infrastructure, highlighting the urgent need for integrated defense strategies.”

Williams said that “increased connectivity and digitalization does require us to be more vigilant about monitoring the attack surface. Even just uncertainty in how IT and OT environments are connected can cause OT disruptions – e.g. when a breach happens on the IT side, organizations have taken OT systems offline to mitigate risks to operations, even if they don’t know if OT has been compromised.” 

He added that ransomware reports to the FBI and concerns about nation-state activities and supply chain vulnerabilities are rising. Despite these varying threats, consistent mitigation advice prevails: reinforce security basics like patching vulnerabilities, monitoring assets, segmenting networks, and managing identity and access. Strong cyber hygiene and a defense-in-depth strategy remain essential as the threat landscape evolves.

“Convergence was driven by business needs, but it lacked the in-depth knowledge of the unique OT environment,” Lay observed. “Most organizations simply installed a firewall between their enterprise network or configured a VLAN for OT. Firewalls have become a common target themselves due to the configuration and maintenance complexities, so adding firewalls alone is not sufficient to defend the operation.”  

She added that ransomware continues to impact OT environments. “To combat this and other emerging threats, the OT side needs to segment flat networks. Even if it is segmented, the mission-critical processes need to be protected differently. (All OT VLANs are probably not the same from a criticality standpoint.) Then, the OT-to-IT convergent point needs to be re-assessed, including adding an OT-specific firewall of a different vendor so that no asset from the enterprise can talk to OT and vice versa without going through two firewalls of different vendors.”

Moore said the IT/OT convergence has erased traditional boundaries, exposing once-isolated critical systems to increased threat vectors. “In 2025, ransomware targeting OT assets and vulnerable third-party remote connections are among the most alarming threats. Attackers exploit VPNs and jump servers to move laterally into critical environments. That’s why replacing those with modern, isolated access overlays—that prevent the connectivity of insecure user endpoints with critical assets—is essential. It ensures critical systems remain segmented and isolated, even when IT layers like user endpoints become compromised.”

Focus on designing industrial safety using ‘Secure by Design’ principles 

The executives look into mechanisms that industrial organizations implement to mitigate third-party risks in an interconnected supply chain. They also evaluate how manufacturers and suppliers collaborate to embed ‘secure by design’ principles into industrial equipment and systems. 

Gordon highlighted that industrial organizations increasingly adopt advanced risk management solutions, such as real-time vendor monitoring platforms, comprehensive Software Bill of Materials (SBOMs), and dynamic contractual obligations mandating stringent cybersecurity standards.

“Organizations really need to run robust Third-party Risk Management (TPRM) as a dedicated program. TPRM programs operate in tandem with cybersecurity, but it also extends into areas of collaboration and sourcing with vendors,” Williams said. “OT asset management is part of managing this risk, including an accurate, up-to-date inventory of both hardware and software so you can get an accurate assessment of vulnerabilities. The next level of analysis then would be SBOMs, for understanding all the components within the software build.”

He added that manufacturers and suppliers are increasingly expected to provide SBOMs as part of the broader ‘secure by design’ approach. “There is growing collaboration and transparency. However, when it comes to your security, you can’t just rely on the vendor-provided information. This goes back to having your own TPRM policies, making your selections, and managing your suppliers with that governance.”

“While I believe and support the ‘secure-by-design’ approach, it will take years to achieve,” Lay pointed out. “Today’s OT assets will become legacy systems 20-30 years from now and will have the same vulnerabilities then. Regardless, as cybersecurity professionals, we own it. We must protect our companies’ assets and reputations, and we must control and mitigate what comes into our organizations by adopting cybersecurity-aware processes throughout the interconnected supply chain.”

Providing an example of this collaboration, Lay mentioned SEMI 187, which brings OEMs and device manufacturers together in a neutral environment to explore solutions for their various cybersecurity challenges.

Moore commented that third-party access is now one of the top risk vectors. “Industrial organizations are deploying centralized access gateways with moderated access, identity-based segmentation, and just-in-time controls to govern every vendor session. Increasingly, OEMs and asset owners are collaborating on secure-by-design principles—embedding access controls and audit capabilities directly into their service offerings.” 

He added that this collaboration ensures vendor access that is logged, temporary, and policy-enforced—without requiring endpoint trust or network exposure.

Building robust OT cybersecurity workforce through recruitment, retention

The executives explore practical strategies for recruiting and retaining skilled OT cybersecurity professionals. They also evaluate how evolving regulations, such as NIS2 and CISA guidelines, influence industrial cybersecurity practices and challenge organizations to maintain ongoing compliance.

“Effective strategies for recruiting and retaining skilled OT cybersecurity professionals include implementing targeted training programs that emphasize practical, scenario-based learning and tabletop exercises,” according to Gordon. “Additionally, organizations can strengthen their workforce by cultivating diverse talent pipelines, leveraging non-traditional sources, and adopting inclusive recruitment policies.”

To address workforce shortages, he noted that automation and AI technologies play a crucial role by reducing manual workloads, allowing cybersecurity teams to focus on complex threat mitigation rather than routine operations.

“At the same time, evolving regulations are reshaping industrial cybersecurity, pushing organizations toward continuous compliance, greater operational transparency, and stronger governance frameworks,” Gordon added. “Companies that proactively integrate regulatory mandates into their cybersecurity programs not only enhance their security posture but also improve operational resilience and long-term compliance sustainability.”

Williams identified a lot of great untapped OT security talent out there. Some universities have started to inject OT/ICS education into their cybersecurity programs, providing a direct pipeline. Additionally, consider candidates with cybersecurity education who have gone to work at a manufacturer or industrial organization or engineers on the ICS/OT side looking to get into cybersecurity.

“The regulatory landscape in cybersecurity is complex and continues to evolve. While enforced compliance frameworks contribute to security at some level, their effectiveness depends on the implementation,” Williams added. “Guidelines and directives that are not enforced can still offer some structure and best practices for your OT security program. Either way, it’s crucial for organizations to develop OT security programs that go above compliance.”

Regulations emphasize stricter incident reporting, risk management, supply-chain security, and accountability, Lay identified. “Cybersecurity professionals typically focus on the technical aspects, but priorities need to change if focusing on continuous compliance.”

She added that when recruiting talent, look for attention to detail, good communication skills, integrity, and—most of all—adaptability. “Staying current with evolving regulations and industry changes requires a commitment to continuous learning and self-motivation.”

Moore said that the OT cybersecurity talent gap isn’t just about hiring—it’s about keeping good people from burning out. “The most effective retention strategy? Give experts time to be experts. That means eliminating unnecessary friction, automating routine compliance tasks, and designing systems that work the way operators think they should.” 

He added that regulations like NIS2 and TSA SD02E demand more than checkbox compliance—they call for continuous security posture checks. “Meeting that bar requires platforms that unify access, audit, and control—without adding complexity. Organizations that invest in simplicity and operational trust aren’t just more secure—they’re where the best talent wants to stay,” he concluded.
