Skip to main content

SANS State of ICS/OT Security 2025

The 2025 survey reveals a clear pattern: most ICS/OT incidents begin with external access pathways, visibility collapses at the lower Purdue levels, and organizations are prioritizing investments that strengthen remote access governance and control.

Inside the report, you’ll learn:

Why 50% of all ICS/OT incidents originated from unauthorized external access.

How visibility drops sharply at Purdue Levels 2–3 and remote sites—the exact places attackers target.

Why secure remote access is one of the top planned investments through 2027 across industrial sectors.

Get the SANS Report

Why Secure Remote Access Is Central to OT Cybersecurity in 2025

Key insights from the survey:

Only 13% of organizations have implemented advanced controls like session recording, ICS-aware access, or real-time approvals.

One-third of organizations have no centralized inventory of active remote access points, widening risk exposure.

Fully prepared organizations are 3.7× more likely to maintain strong remote access controls—highlighting what separates leading programs from the rest.

Download the SANS Report
SANS Report Cover

SANS_Institute_Logo-w

The 2025 ICS/OT Cybersecurity Survey represents the latest edition of SANS Institute’s poll of security professionals. The sponsors of this year’s survey all offer advanced capabilities that we believe will be of interest to SANS’ clients, and, for this reason, we’re presenting the following product briefings on some of their relevant offerings.

© 2015 - 2025 Dispel, LLC & Dispel Global, Inc