Full Report
A report from OPSWAT and the SANS Institute disclosed that ICS/OT (industrial control systems/operational technology) cybersecurity budgets lag... The post New OPSWAT-SANS survey detects growing gap in ICS/OT cybersecurity budgets amid rising threats appeared first on Industrial Cyber.
Analysis Summary
# Industry News: ICS/OT Budgets Lag Amidst Surging Attacks, Exposing Critical Infrastructure
## Summary
A new report from OPSWAT and the SANS Institute reveals a critical disconnect in Industrial Control Systems/Operational Technology (ICS/OT) security: despite a surge in attacks, budgetary support and dedicated resources lag significantly behind tailored risk management needs. A major contributing factor is that budget authority often rests outside of security leadership (CISOs/CSOs), which skews investment toward traditional IT infrastructure rather than specialized OT defenses and increases the vulnerability of essential services.
## Key Details
- **Date:** Disclosed recently (report published Tuesday)
- **Companies Involved:** OPSWAT, SANS Institute
- **Category:** Market Analysis/Industry Report
## The Story
The "2025 ICS/OT Cybersecurity Budget: Spending Trends, Challenges, and the Future" report highlights that while ICS/OT cybersecurity budgets have increased for 55% of organizations over the last two years, investment remains insufficient relative to the risk. Over 50% of organizations experienced an ICS/OT incident. Key threats include attacks originating from internet-accessible devices (33%) and transient devices (27%). Critically, only 27% of budget decisions for OT security are led by CISOs or CSOs, and 37% of organizations share budgets between IT and OT, often resulting in underfunding for OT-specific controls. IT compromises are the primary entry point (58% of incidents), underscoring the need for integrated, yet specialized, security strategies focusing on ICS-specific controls (e.g., ICS-aware firewalls and engineering-focused incident response).
## Business Impact
### For the Companies Involved
- **OPSWAT/SANS:** Publishing this data solidifies their positions as thought leaders in the OT security space, driving demand for their respective services and solutions aimed at bridging the identified resource and control gaps.
### For Competitors
- Competitors able to offer integrated IT/OT security solutions, or those specializing in OT-native risk assessment and compliance tools, may gain traction by addressing the CISO/CSO budget control deficit highlighted in the report.
### For Customers
- Customers face heightened operational risk due to underfunded and misaligned security programs, particularly if their security leadership lacks direct budgetary control over necessary OT defenses. They must actively push for specialized OT investment regardless of current budgeting structures.
### For the Market
- The report legitimizes the growing market demand for OT-specific security tooling, training, and professional services, signaling that generalized IT security budgets are inadequate for protecting critical infrastructure. It pressures the market toward requiring greater structural separation or dedicated prioritization within security spending models.
## Technical Implications
The data points to specific technical failure areas: **Internet-accessible control devices** and the management of **transient devices** (like laptops or USB drives) used to interface with ICS networks are common entry points. This mandates the deployment of layered defenses, including unidirectional security gateways, specialized network segmentation, and passive vulnerability scanning rather than active scans that could disrupt operations.
## Strategic Analysis
- **Market Positioning:** The OT security market is maturing, moving past initial awareness to demanding specificity in budget allocation and dedicated staff (only 9% dedicate 100% of time to OT security).
- **Competitive Advantage:** Organizations that quickly adopt the report's recommendations—integrating IT/OT teams and earmarking dedicated OT budgets led by security executives—will secure a significant resilience advantage.
- **Challenges:** The primary challenge is organizational inertia; overcoming shared or IT-controlled budgets that fail to account for the unique safety and operational requirements of industrial systems remains difficult, especially as fewer than half of organizations allocate even 25% of their total cybersecurity budget to critical infrastructure protection.
## Industry Reactions
- **Analyst Opinions:** Analysts will likely emphasize that security incidents in OT directly translate to safety risks, making the budgeting gap an existential threat rather than merely an IT problem.
- **Expert Commentary:** Experts like Dean Parsons are stressing that operational resilience requires *strategic investment* in ICS-specific training and controls, asserting that protecting engineering systems is "essential for operational resilience and national security."
- **Market Response:** Expect increased calls for regulatory bodies to mandate specific budget minimums or oversight structures for critical infrastructure security spending.
## Future Outlook
- We should watch for shifts in governance structures, specifically whether organizations begin moving 100% of the OT security budget under the CISO/CSO within the next 12-18 months. Furthermore, the demand for specialized OT security skillsets will likely outstrip supply, increasing consultancy costs.
## For Security Professionals
Cybersecurity practitioners must advocate strongly for the unique needs of OT environments. This includes pushing for **ICS-specific incident response plans** that prioritize safety over speed (unlike typical IT response) and actively seeking cross-training opportunities to build mutual understanding with operational engineering teams. Demonstrating the risk association between IT infiltration (58% of incidents) and OT compromise is key to justifying specialized budget requests.